Azure Container Instance environment variable with regular value type
Description
This policy checks for Azure Container Instances (ACI) container groups where environment variables are configured with regular values instead of the secure values property. Secure values are designed to safeguard sensitive information such as passwords or keys for your application. Using secure values for environment variables is a more secure and flexible practice than embedding them in your container's image.
Code Example
```hcl
resource "azurerm_container_group" "fail_1" {
  ...
  init_container {
    ...
    environment_variables = {
      ENV_INIT_FAIL_1 = random_string.pud-random-str
    }
  }
}
```
Remediation
Terraform
- Resource: azurerm_container_group
- Arguments: environment_variables
To fix this issue, ensure that sensitive environment variables in your Azure container group are securely configured and do not pass them through the regular 'environment_variables' argument. Use 'secure_environment_variables' (or an alternative such as a mounted secret volume) for passwords, keys and tokens. At the ACI API level this corresponds to specifying the 'secureValue' property instead of the regular 'value' for the variable.
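The following is an added example, not code from the policy or from Checkov, showing a container group that passes this check: secrets move to 'secure_environment_variables' and are read from Key Vault rather than hardcoded, while non-sensitive settings stay in 'environment_variables'. The resource names, Key Vault secret, input variable and image references are assumed placeholders.

```hcl
# Added example: a container group that passes CKV_AZURE_235.
# All names, the Key Vault secret and the images are assumed placeholders.

data "azurerm_key_vault_secret" "db_password" {
  name         = "db-password"    # assumed secret name in Key Vault
  key_vault_id = var.key_vault_id # assumed input variable
}

resource "azurerm_container_group" "pass_1" {
  name                = "example-aci"
  location            = "westeurope"
  resource_group_name = "example-rg"
  os_type             = "Linux"

  init_container {
    name  = "init"
    image = "example.azurecr.io/init:1.0" # assumed image

    # Same secret the failing example passed as a regular value,
    # now delivered as a secure value.
    secure_environment_variables = {
      ENV_INIT_PASS_1 = data.azurerm_key_vault_secret.db_password.value
    }
  }

  container {
    name   = "app"
    image  = "example.azurecr.io/app:1.0" # assumed image
    cpu    = "0.5"
    memory = "1.0"

    ports {
      port     = 8080
      protocol = "TCP"
    }

    # Non-sensitive configuration may remain a regular environment variable.
    environment_variables = {
      LOG_LEVEL = "info"
    }

    # Secrets go here: ACI stores them as secureValue, so they are not
    # returned by the container group API or shown in the portal.
    secure_environment_variables = {
      DB_PASSWORD = data.azurerm_key_vault_secret.db_password.value
    }
  }
}
```

Note that values in 'secure_environment_variables' are still written to Terraform state in clear text, so the state backend must be protected (encrypted, access-restricted) as carefully as the secret itself.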
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0742 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_235 |