Ensure no hard coded PAN-OS credentials exist in provider
Description
This policy checks for hardcoded PAN-OS credentials in the provider configuration. Hardcoding sensitive information such as API keys or passwords poses a significant security risk, because the values can be read by unauthorized users. Credentials must be kept secure and never stored in plain text. This rule ensures that no PAN-OS credentials are hardcoded in the provider configuration, reducing the risk of credential exposure.
Code Example
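```terraform
provider "panos" {
  # Remove hardcoded credentials
  # api_key  = "your_api_key"
  # password = "your_password"

  # Instead, use environment variables: leave api_key and password unset here
  # and export PANOS_API_KEY / PANOS_PASSWORD before running Terraform.
  # The provider reads them from the environment (HCL has no env.* reference).
}
```
Remediation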
Remove hardcoded PAN-OS credentials from the provider configuration and store them securely using environment variables or a secrets manager.
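To make the check concrete, the following added example (not part of the original page and not Checkov's implementation of CKV_PAN_1) scans Terraform source for `api_key` or `password` set to a string literal inside a `provider "panos"` block. The function names are hypothetical, the sample input is constructed, and the scanner assumes one attribute per line and no `/* */` block comments.

```python
import re

SENSITIVE = ("api_key", "password")
PROVIDER = re.compile(r'provider\s+"panos"\s*\{')
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')  # attr = "literal"


def strip_comment(line):
    """Drop a # or // comment that starts outside a quoted string."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_str = not in_str
        elif not in_str and (ch == "#" or line.startswith("//", i)):
            return line[:i]
    return line


def find_hardcoded(hcl):
    """Return [(line_no, attribute)] for literal credentials in panos provider blocks."""
    findings, depth = [], 0
    for no, raw in enumerate(hcl.splitlines(), 1):
        line = strip_comment(raw)
        if depth == 0:
            if PROVIDER.search(line):
                depth = line.count("{") - line.count("}")
            continue
        m = ASSIGN.match(line)
        # Top-level attributes only; "${...}" is an interpolation, not a literal.
        if (depth == 1 and m and m.group(1) in SENSITIVE
                and m.group(2) and "${" not in m.group(2)):
            findings.append((no, m.group(1)))
        depth += line.count("{") - line.count("}")
    return findings


# Constructed sample input (placeholder values, not real credentials).
SAMPLE = '''\
provider "panos" {
  # api_key = "commented-out"
  api_key  = "constructed-not-a-real-key"
  password = var.panos_password
}
provider "aws" {
  password = "ignored-other-provider"
}
'''

if __name__ == "__main__":
    print(find_hardcoded(SAMPLE))
```

Only the literal `api_key` is reported: the commented-out line, the `var.` reference and the other provider's block are ignored.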
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1283 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | panos |
| Checkov ID | CKV_PAN_1 |