Ensure no hard coded API token exist in the provider
Description
This policy checks for the presence of hardcoded API tokens in the Bridgecrew provider configuration. Hardcoding sensitive information such as API tokens poses a significant security risk, as it can be accessed by unauthorized users, potentially leading to data breaches or other malicious activities. It is essential to keep such secrets secure and not expose them in plain text. The rule CKV_BCW_1 ensures that no hardcoded API token exists in the provider, promoting secure coding practices.
Code Example
terraform
provider "bridgecrew" {
token = env.BRIDGECREW_TOKEN
}Remediation
Ensure the API token is not hardcoded in the provider configuration. Instead, use environment variables or a secure secrets management system to store and retrieve sensitive information.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0819 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | bridgecrew |
| Checkov ID | CKV_BCW_1 |