Exposing a sensitive environment variable in the configuration can lead to credentials leak
- GG_ID: GG_IAC_0007
- Severity: CRITICAL
- Complexity: LOW
- Categories: SECRET
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
The value of a sensitive environment variable is defined in plaintext.
The secret is exposed to anyone with access to the configuration, and it is also visible in the AWS Management Console.
Secrets should be pulled from a secure secret storage by the service using them.
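
The weak setting beside a corrected one, as an added example that is not part of the original page. It assumes Terraform and an AWS Lambda function (the page names neither), and every resource name and value in it is hypothetical.

```hcl
# Added example: all names and values are hypothetical. aws_iam_role.lambda
# (the function's execution role) is assumed to be defined elsewhere.
# "weak" and "fixed" are alternatives for the same function, not a pair.

# Weak: the secret value sits in plaintext in the configuration and is
# displayed with the function's environment variables in the console.
resource "aws_lambda_function" "weak" {
  function_name = "orders-api"
  role          = aws_iam_role.lambda.arn
  handler       = "app.handler"
  runtime       = "python3.12"
  filename      = "build/app.zip"
  environment {
    variables = {
      DB_PASSWORD = "PLAINTEXT-PLACEHOLDER" # constructed value
    }
  }
}

# Corrected: the value is kept in AWS Secrets Manager and the function
# only receives the ARN of the secret, which is not sensitive.
resource "aws_secretsmanager_secret" "db_password" {
  name = "orders-api/db-password"
}

resource "aws_lambda_function" "fixed" {
  function_name = "orders-api"
  role          = aws_iam_role.lambda.arn
  handler       = "app.handler"
  runtime       = "python3.12"
  filename      = "build/app.zip"
  environment {
    variables = {
      DB_PASSWORD_SECRET_ARN = aws_secretsmanager_secret.db_password.arn
    }
  }
}

# Grant the execution role read access to this one secret only.
data "aws_iam_policy_document" "read_db_password" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.db_password.arn]
  }
}

resource "aws_iam_role_policy" "read_db_password" {
  name   = "read-db-password"
  role   = aws_iam_role.lambda.id
  policy = data.aws_iam_policy_document.read_db_password.json
}
```

At runtime the function calls Secrets Manager `GetSecretValue` with the ARN from `DB_PASSWORD_SECRET_ARN`. The secret's value is written out of band, so it never enters the configuration or the Terraform state.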