terraform.azure.security.keyvault.keyvault-content-type-for-secret.keyvault-content-type-for-secret
semgrep
Author
unknown
Download Count*
License
Key vault Secret should have a content type set
Run Locally
Run in CI
Defintion
rules:
- id: keyvault-content-type-for-secret
message: Key vault Secret should have a content type set
patterns:
- pattern: resource
- pattern-not-inside: |
resource "azurerm_key_vault_secret" "..." {
...
content_type = "..."
...
}
- pattern-inside: |
resource "azurerm_key_vault_secret" "..." {
...
}
metadata:
category: correctness
technology:
- terraform
- azure
references:
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret#content_type
- https://docs.microsoft.com/en-us/azure/key-vault/secrets/about-secrets
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
languages:
- hcl
severity: INFO
Examples
keyvault-content-type-for-secret.tf
resource "azurerm_key_vault_secret" "good_example" {
name = "secret-sauce"
value = "qwerty"
key_vault_id = azurerm_key_vault.example.id
content_type = "password"
}
# ruleid: keyvault-content-type-for-secret
resource "azurerm_key_vault_secret" "bad_example" {
name = "secret-sauce"
value = "qwerty"
key_vault_id = azurerm_key_vault.example.id
}
Short Link: https://sg.run/eoAb