GitHub Actions Environment Secrets defined in Terraform are not encrypted

Description

In the GitHub Terraform provider, there is an optional field to include a plaintext string of the secret. If this is checked into code, it will expose the secret.

Code Example

hcl

resource "github_actions_environment_secret" "test_secret" {

...
-  plaintext_value  = "example%value"
}

Remediation

Terraform

Resource: github_actions_environment_secret, github_actions_organization_secret, github_actions_secret
Attribute: plaintext_value

Rule Details

Field	Value
ID	IAC-1035
Severity	HIGH
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_GIT_4

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

GitHub Actions Environment Secrets defined in Terraform are not encrypted

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

GitHub Actions Environment Secrets defined in Terraform are not encrypted ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

GitHub Actions Environment Secrets defined in Terraform are not encrypted

Description

Code Example

Remediation

Rule Details

References