OpenStack hard coded password, token, or application_credential_secret exists in provider
Description
This policy is designed to flag any instances where OpenStack passwords, tokens, or application_credential_secrets are hardcoded directly into the provider. The primary concern here is a matter of security. When sensitive credentials such as passwords or tokens are hardcoded, they can potentially be exposed to unauthorized users. If this occurs, the unauthorized user can have access to sensitive data in the OpenStack environment. Therefore, this policy helps to prevent security breaches by ensuring that credentials are not hardcoded and are instead managed securely.
Code Example
provider "openstack" {
user_name = "admin"
tenant_name = "admin"
password = var.password // Set your password as a variable
auth_url = "https://my-openstack.org:5000/v3/"
region = "RegionOne"
}Remediation
Terraform
- Resource: TBD
- Arguments: TBD
To fix the issue, remove any hard-coded secrets, tokens, or application_credential_secrets in your OpenStack provider. Instead, use environment variables or supply these credentials through a secure mechanism.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1278 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OPENSTACK_1 |