Sensitive certificate key material is stored in state file Affecting Secrets Manager service in Google

Severity Framework Snyk CCSS

Rule category Keys and Secrets / Keys and Secrets

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM

Snyk ID SNYK-CC-00400
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Certificate private key material will be stored as plain text in state file.

How to fix?

Do not use terraform resource google_compute_ssl_certificate to manage certificates. Use google managed certificates or dedicated PKI service such as Vault".

Terraform

google_compute_ssl_certificate