Ensure Tencent Cloud CVM user data does not contain sensitive information
Description
This policy checks whether sensitive information, such as a Tencent Cloud SecretId or SecretKey, is embedded in the user data (`user_data` or `user_data_raw`) of a Tencent Cloud CVM instance. User data is stored as part of the instance configuration, is readable from inside the instance through the metadata service, and usually ends up in version control together with the Terraform code, so a credential placed there is exposed to anyone with access to any of those. Base64-encoding the value, which `user_data` requires, is an encoding rather than a protection and does not change this. Credentials must not be hardcoded in instance configurations; they belong in a proper secret management process.
Code Example
```terraform
resource "tencentcloud_instance" "example" {
  # Keep Tencent Cloud SecretId/SecretKey values out of both user_data
  # (base64-encoded) and user_data_raw (plain text); base64 is not protection.
  # Let the instance obtain credentials at runtime (CAM role or a secrets
  # manager) instead of hardcoding them here.
}
```

Remediation
Remove Tencent Cloud SecretId/SecretKey values and any other credentials from the `user_data` and `user_data_raw` of CVM instances. Have the instance obtain credentials at runtime instead: bind a CAM role to the instance so that it receives temporary credentials, or fetch the secret from a secrets management service during boot. Environment variables are suitable for the Terraform run itself (for example provider credentials), not as a channel for passing secrets into user data, because anything interpolated into user data is stored with the instance and inherits the exposure described above.
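The following scanner illustrates the check this policy performs. It is an added example written for this page, not the policy's or Checkov's own implementation: it takes the resolved `user_data` and `user_data_raw` values of a `tencentcloud_instance` resource, base64-decodes `user_data` (so the encoding hides nothing), and reports credential-looking tokens in redacted form. The patterns are assumptions for the example (a SecretId modelled as `AKID` followed by 32 alphanumerics, a SecretKey as a long token assigned to a `SECRET_KEY`-named variable), and the sample scripts are constructed, not real credentials.

```python
import base64
import binascii
import re

# Heuristic patterns (assumptions for this example, not the policy's own
# rules): a SecretId is modelled as "AKID" + 32 alphanumerics; a SecretKey is
# caught as a long token assigned to a variable named like *SECRET_KEY*.
SECRET_ID_RE = re.compile(r"\bAKID[A-Za-z0-9]{32}\b")
SECRET_KEY_RE = re.compile(
    r"(?i)\b(?:TENCENTCLOUD_)?SECRET[_-]?KEY\b\s*[:=]\s*[\"']?([A-Za-z0-9+/=_-]{20,})"
)


def decode_user_data(value: str) -> str:
    """Return the plain text behind a `user_data` value.

    The provider requires `user_data` to be base64-encoded, so decode it; if
    the value is not valid base64 (for example plain text put there by
    mistake), scan it as-is. Base64 is an encoding, not a protection, so the
    check must always look at the decoded form.
    """
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", errors="replace")
    except (binascii.Error, ValueError):
        return value


def redact(secret: str) -> str:
    """Keep only the first and last four characters so that a finding can be
    reported without leaking the secret a second time."""
    return secret[:4] + "..." + secret[-4:]


def find_secrets(text: str):
    """Return (kind, redacted_value) pairs for every credential-looking token
    in the text: SecretIds first, then SecretKeys, each in order of appearance."""
    hits = []
    for m in SECRET_ID_RE.finditer(text):
        hits.append(("secret_id", redact(m.group(0))))
    for m in SECRET_KEY_RE.finditer(text):
        hits.append(("secret_key", redact(m.group(1))))
    return hits


def check_instance(resource: dict):
    """Evaluate one tencentcloud_instance resource given as a mapping of
    attribute name to resolved value. Returns a list of
    (attribute, kind, redacted_value); an empty list means the resource passes."""
    findings = []
    for attr in ("user_data", "user_data_raw"):
        value = resource.get(attr)
        if not value:
            continue
        text = decode_user_data(value) if attr == "user_data" else value
        findings.extend((attr, kind, shown) for kind, shown in find_secrets(text))
    return findings


# Constructed sample inputs (not real credentials).
BAD_SCRIPT = (
    "#!/bin/bash\n"
    "export TENCENTCLOUD_SECRET_ID=AKID0123456789abcdef0123456789abcdef\n"
    "export TENCENTCLOUD_SECRET_KEY=abcdefghijklmnopqrstuvwxyz012345\n"
    "tccli cvm DescribeInstances\n"
)
GOOD_SCRIPT = (
    "#!/bin/bash\n"
    "# No static credentials here: the CAM role bound to the instance\n"
    "# supplies temporary credentials at runtime.\n"
    "echo 'bootstrap complete'\n"
)

# `user_data` must be base64-encoded; the scanner decodes it before matching.
FAILING_RESOURCE = {"user_data": base64.b64encode(BAD_SCRIPT.encode()).decode()}
PASSING_RESOURCE = {"user_data_raw": GOOD_SCRIPT}

if __name__ == "__main__":
    for name, res in (("failing", FAILING_RESOURCE), ("passing", PASSING_RESOURCE)):
        hits = check_instance(res)
        print(f"{name}: {'FAIL' if hits else 'PASS'} {hits}")
```

The scanner runs on resolved attribute values, so in a real pipeline it would be fed the output of a Terraform plan or HCL parser rather than raw `.tf` text; values built from `base64encode(file(...))` are only visible once evaluated. Findings are redacted before they are reported, so that the policy's own output does not become another copy of the secret.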
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1330 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | tencentcloud_instance |
| Checkov ID | CKV_TC_13 |