Project-wide SSH Keys Are Enabled In VM Instances
- Query id: 6e2b1ec1-1eca-4eb7-9d4d-2882680b4811
- Query name: Project-wide SSH Keys Are Enabled In VM Instances
- Platform: GoogleDeploymentManager
- Severity: Medium
- Category: Secret Management
- URL: Github
Description
VM Instance should block project-wide SSH keys
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
# Flagged: the instance defines no metadata, so block-project-ssh-keys is never set.
resources:
- name: vm
  type: compute.v1.instance
  properties:
    description: my-vm
```
Positive test num. 2 - yaml file
```yaml
# Flagged: metadata.items has no block-project-ssh-keys entry.
resources:
- name: vm
  type: compute.v1.instance
  properties:
    description: my-vm
    metadata:
      fingerprint: fingerprint
      items:
      - key: my-key
        value: true
      - key: my-key-2
        value: false
```
Positive test num. 3 - yaml file
```yaml
# Flagged: block-project-ssh-keys is present but set to false.
resources:
- name: vm
  type: compute.v1.instance
  properties:
    description: my-vm
    metadata:
      fingerprint: fingerprint
      items:
      - key: my-key
        value: true
      - key: block-project-ssh-keys
        value: false
```
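
The three flagged samples differ only in where the `block-project-ssh-keys` metadata item is missing or false. The check below is an added example, not the KICS query or code from this page: it runs over configs already parsed into Python dicts, and the function names, the sample VM names, and the acceptance of the string "true" are assumptions.

```python
# Added example (not the KICS query). Inputs are constructed, already-parsed configs.
KEY = "block-project-ssh-keys"

def is_true(value):
    # Assumption: boolean true or the string "true" (any case) counts as enabled.
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def check_instance(resource):
    """Return None if the instance blocks project-wide SSH keys, else a reason."""
    metadata = (resource.get("properties") or {}).get("metadata")
    if not isinstance(metadata, dict):
        return "metadata is undefined"
    items = metadata.get("items") or []
    values = [i.get("value") for i in items if isinstance(i, dict) and i.get("key") == KEY]
    if not values:
        return f"metadata.items has no '{KEY}' entry"
    if not all(is_true(v) for v in values):  # a duplicate entry set to false still fails
        return f"'{KEY}' is not set to true"
    return None

def scan(config):
    """Map each failing compute.v1.instance name to its reason; passing VMs are omitted."""
    findings = {}
    for res in config.get("resources") or []:
        if res.get("type") == "compute.v1.instance":
            reason = check_instance(res)
            if reason:
                findings[res.get("name")] = reason
    return findings

def vm(name, pairs=None):
    """Build a constructed instance resource; pairs=None omits metadata entirely."""
    props = {"description": "my-vm"}
    if pairs is not None:
        props["metadata"] = {"fingerprint": "fingerprint",
                             "items": [{"key": k, "value": v} for k, v in pairs]}
    return {"name": name, "type": "compute.v1.instance", "properties": props}

# Constructed config: the three flagged shapes from this page plus one compliant VM.
SAMPLE = {"resources": [
    vm("vm-no-metadata"),
    vm("vm-key-missing", [("my-key", True), ("my-key-2", False)]),
    vm("vm-key-false", [("my-key", True), (KEY, False)]),
    vm("vm-compliant", [(KEY, True)]),
]}

if __name__ == "__main__":
    for name, reason in scan(SAMPLE).items():
        print(f"{name}: {reason}")
```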