
Ensure the droplet specifies an SSH key

Description

This policy checks whether a DigitalOcean droplet specifies an SSH key for secure access. Specifying an SSH key ensures that only authorized, trusted users can connect to the droplet; without one, the droplet may be vulnerable to unauthorized access.

Code Example

```terraform
resource "digitalocean_droplet" "example" {
  name     = "example"
  size     = "s-1vcpu-1gb"
  image    = "ubuntu-20-04-x64"
  region   = "nyc1"
  ssh_keys = ["your_ssh_key_fingerprint"]
}
```

Remediation

Ensure the droplet specifies an SSH key by adding the ssh_keys attribute to the digitalocean_droplet resource.
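
One way to enforce this policy on a rendered plan in CI, as an added example (not Checkov's implementation of CKV_DIO_2 and not part of the original page): the script reads JSON in the shape produced by `terraform show -json` and returns the droplets that would exist without `ssh_keys`. The sample plan and resource addresses are constructed, and treating a value that is only known after apply as "set" is an assumption of this example.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "digitalocean_droplet.with_key", "type": "digitalocean_droplet",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"ssh_keys": ["your_ssh_key_fingerprint"]}}},
  {"address": "digitalocean_droplet.no_key", "type": "digitalocean_droplet",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"ssh_keys": null}}},
  {"address": "digitalocean_droplet.empty_list", "type": "digitalocean_droplet",
   "change": {"actions": ["update"], "after_unknown": {},
              "after": {"ssh_keys": []}}},
  {"address": "digitalocean_droplet.computed_key", "type": "digitalocean_droplet",
   "change": {"actions": ["create"], "after_unknown": {"ssh_keys": true},
              "after": {}}},
  {"address": "digitalocean_droplet.destroyed", "type": "digitalocean_droplet",
   "change": {"actions": ["delete"], "after_unknown": {}, "after": null}}
]}
""")


def _has_unknown(value):
    """True if an 'after_unknown' entry marks a value as known only after apply."""
    if isinstance(value, list):
        return any(_has_unknown(v) for v in value)
    return value is True


def droplets_without_ssh_key(plan):
    """Return addresses of droplets the plan would leave without any SSH key."""
    failing = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != "digitalocean_droplet" or after is None:
            continue  # other resource types, or droplets being destroyed
        # Unset attributes appear as null; drop empty strings as well.
        keys = [k for k in (after.get("ssh_keys") or []) if k]
        computed = _has_unknown((change.get("after_unknown") or {}).get("ssh_keys"))
        if not keys and not computed:
            failing.append(rc["address"])
    return failing


if __name__ == "__main__":
    for address in droplets_without_ssh_key(SAMPLE_PLAN):
        print(f"FAIL {address}: no ssh_keys set")
```
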

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0831 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | digitalocean_droplet |
| Checkov ID | CKV_DIO_2 |
