ECS Task Definition Container With Plaintext Password
- Query id: 7fdc2bf3-6bc0-4cb3-84c5-cfd041c0f892
- Query name: ECS Task Definition Container With Plaintext Password
- Platform: Ansible
- Severity: High
- Category: Encryption
- URL: Github
Description
It's not recommended to use plaintext environment variables for sensitive information, such as credential data.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: Create task definition
  community.aws.ecs_taskdefinition:
    family: nginx
    containers:
      - name: nginx
        essential: true
        image: "nginx"
        portMappings:
          - containerPort: 8080
            hostPort: 8080
        env:
          - password: shhh
    launch_type: FARGATE
    cpu: 512
    memory: 1024
    state: present
    network_mode: awsvpc
```
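An added example, not part of the KICS query or its test files: a Python check over an already-parsed playbook that reports sensitive-looking container variables in both the `env` layout of the sample above and the ECS-style `environment` name/value layout, which goes beyond the sample. The key-name pattern, the function names and the second task are assumptions of this example.

```python
import re

# Key names treated as sensitive: an assumption of this example, not a KICS list.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.I)


def env_pairs(container):
    """Yield (key, value) from both layouts container variables can take."""
    # Layout used in the sample on this page: a list of one-key mappings.
    for item in container.get("env") or []:
        if isinstance(item, dict):
            yield from item.items()
    # ECS-style layout: a list of {"name": ..., "value": ...} mappings.
    for item in container.get("environment") or []:
        if isinstance(item, dict) and "name" in item:
            yield item["name"], item.get("value")


def find_plaintext_secrets(tasks):
    """Return (task, container, key, hardcoded) for each sensitive variable."""
    findings = []
    for task in tasks:
        for module, args in task.items():
            if not module.endswith("ecs_taskdefinition") or not isinstance(args, dict):
                continue
            for c in args.get("containers") or []:
                for key, value in env_pairs(c):
                    if SENSITIVE.search(str(key)):
                        # Templated values are still reported; only the literal is off disk.
                        hardcoded = value not in (None, "") and "{{" not in str(value)
                        findings.append((task.get("name"), c.get("name"), key, hardcoded))
    return findings


# Constructed input: the page's task as parsed YAML, plus a hypothetical second task.
PLAYBOOK = [
    {"name": "Create task definition",
     "community.aws.ecs_taskdefinition": {"family": "nginx", "containers": [
         {"name": "nginx", "image": "nginx", "env": [{"password": "shhh"}]}]}},
    {"name": "Create api task definition",
     "ecs_taskdefinition": {"family": "api", "containers": [
         {"name": "api", "image": "api", "environment": [
             {"name": "DB_PASSWORD", "value": "{{ db_password }}"},
             {"name": "LOG_LEVEL", "value": "info"}]}]}},
]

if __name__ == "__main__":
    print(find_plaintext_secrets(PLAYBOOK))
```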