
Ensure no hard coded Linode tokens exist in provider

Description

This policy checks for hard-coded Linode tokens in the provider configuration. Hard-coding sensitive credentials directly in configuration files poses a significant security risk, because the credentials can be easily accessed by unauthorized users. The check ensures that Linode tokens are not stored in plain text, reducing the risk of credential exposure and potential security breaches. Handle sensitive credentials securely, for example with environment variables or a secret management tool.

Code Example

terraform
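# linode_token is an input variable declared with sensitive = true and set at
# run time (for example through TF_VAR_linode_token); it is never a literal here.
# Alternatively, omit token and export LINODE_TOKEN, which the provider reads.
provider "linode" {
  token = var.linode_token
}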

Remediation

Store Linode tokens securely using environment variables or a secrets manager, and reference them in the provider configuration.
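A minimal sketch of the kind of check this policy describes, added here as an example; it is not Checkov's implementation of CKV_LIN_1. It assumes that any non-empty quoted string without `${...}` interpolation counts as hard-coded, and the function names and sample configurations are constructed for illustration.

```python
import re

PROVIDER_OPEN = re.compile(r'provider\s+"linode"\s*\{')
TOKEN_ATTR = re.compile(r'^\s*token\s*=\s*(.+?)\s*$', re.M)
COMMENT = re.compile(r'(#|//).*$', re.M)  # naive: also cuts "//" inside strings
# Assumption of this sketch: a non-empty quoted string without ${...} is hard-coded.
LITERAL = re.compile(r'^"[^"$]+"$')


def linode_provider_bodies(tf_text):
    """Yield the body of each provider "linode" block, matched by brace depth."""
    text = COMMENT.sub("", tf_text)
    for m in PROVIDER_OPEN.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]


def scan(tf_text):
    """Return (status, reason) for every linode provider block in tf_text."""
    results = []
    for body in linode_provider_bodies(tf_text):
        attr = TOKEN_ATTR.search(body)
        if attr is None:
            results.append(("PASSED", "token omitted"))
        elif LITERAL.match(attr.group(1)):
            results.append(("FAILED", "token is a string literal"))
        else:
            results.append(("PASSED", "token is not a string literal"))
    return results


# Constructed sample configurations; the token value is a placeholder, not a real one.
SAMPLES = {
    "literal": 'provider "linode" {\n  token = "EXAMPLE-NOT-A-REAL-TOKEN"  # bad\n}\n',
    "variable": 'provider "linode" {\n  token = var.linode_token\n}\n',
    "interpolated": 'provider "linode" {\n  token = "${var.linode_token}"\n}\n',
    "omitted": 'provider "linode" {\n}\n',
    "commented": 'provider "linode" {\n  # token = "EXAMPLE-NOT-A-REAL-TOKEN"\n}\n',
}

if __name__ == "__main__":
    for name, tf in SAMPLES.items():
        print(name, scan(tf))
```

Only the `literal` sample fails; a commented-out token line is ignored because comments are stripped before matching.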

Rule Details

| Field | Value |
|---|---|
| ID | IAC-1198 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | linode |
| Checkov ID | CKV_LIN_1 |
