Ensure Automation account variables are encrypted

Error: Azure Automation account variables are not encrypted

Bridgecrew Policy ID: BC_AZR_GENERAL_25
Checkov Check ID: CKV_AZURE_73
Severity: LOW

Azure Automation account variables are not encrypted

Description

If you have Automation Account Variables storing sensitive data that are not already encrypted, then you will need to delete them and recreate them as encrypted variables.

Fix - Runtime

In Azure CLI

Set-AzAutomationVariable -AutomationAccountName '{AutomationAccountName}' -Encrypted $true -Name '{VariableName}' -ResourceGroupName '{ResourceGroupName}' -Value '{Value}'

Fix - Buildtime

Terraform

  • Resource: azurerm_automation_variable_int
  • Argument: encrypted
resource "azurerm_automation_variable_int" "example" {
  ...
+ encrypted               = true
}