
CKV_GIT_4: "Ensure GitHub Actions secrets are encrypted" error for data source referenced plaintext_value #4010

Closed
wenqiglantz opened this issue Dec 7, 2022 · 1 comment
Labels
checks Check additions or changes More info required Awaiting information for triage or confirmation

Comments

@wenqiglantz

Describe the issue
This issue is an expansion of #2374. I am running into the following error (see screenshot) in my GitHub Actions workflow:

image

Here is the relevant code snippet:

data "aws_ecr_repository" "ecr_repo" {
  name = var.ecr_repository_name
}

resource "github_actions_environment_secret" "ecr_repository_name" {
  repository      = "example"
  environment     = "dev"
  secret_name     = "ECR_REPOSITORY_NAME"
  plaintext_value = data.aws_ecr_repository.ecr_repo.name
}

My question: the value for "plaintext_value" is not a hard-coded value but a data source reference. Can this scenario be excluded from your check for "plaintext_value"?

Version (please complete the following information):

  • Checkov Version: master, as I am using your GitHub Action "bridgecrewio/checkov-action@master"
@wenqiglantz wenqiglantz added the checks Check additions or changes label Dec 7, 2022
@gruebel
Contributor

gruebel commented Dec 14, 2022

Hey @wenqiglantz, thanks for reaching out. I tested it with the latest version and the check doesn't fail for me with the configuration you posted.

@gruebel gruebel added the More info required Awaiting information for triage or confirmation label Dec 14, 2022