Check: CKV_AWS_45: Ensure no hard-coded secrets exist in Lambda environment false-positive #6700

Open
caevv opened this issue Sep 3, 2024 · 1 comment
Labels
checks Check additions or changes

Comments

caevv commented Sep 3, 2024

Describe the issue
I have a Lambda that passes the secret name as an env variable, but not the secret value, and it is failing check CKV_AWS_45: "Ensure no hard-coded secrets exist in Lambda environment".

Examples
CDK:

import { Duration, aws_lambda, aws_secretsmanager } from 'aws-cdk-lib';
// GoFunction is not part of aws_lambda in aws-cdk-lib; it ships in the
// separate alpha module (import assumed here, as the snippet omitted it).
import { GoFunction } from '@aws-cdk/aws-lambda-go-alpha';

// Inside a Stack constructor (`this` is the stack):
const githubSecret = new aws_secretsmanager.Secret(this, 'secret', {
  secretName: 'my-secret',
});

const lambda = new GoFunction(this, 'lambda', {
  runtime: aws_lambda.Runtime.PROVIDED_AL2023,
  timeout: Duration.minutes(1),
  entry: `../cmd`,
  architecture: aws_lambda.Architecture.ARM_64,
  environment: {
    // Only the secret's name is exposed; the value is read at runtime via grantRead.
    APP_PRIVATE_KEY_SECRET_NAME: githubSecret.secretName,
  },
});
githubSecret.grantRead(lambda);

Version:

❯ checkov --version
3.2.120
@caevv caevv added the checks Check additions or changes label Sep 3, 2024
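Added illustration, not checkov's implementation and not code from the issue author: a minimal scanner over a constructed CloudFormation template (the shape `cdk synth` produces for a Lambda function) that separates environment values which merely reference a secret (intrinsics such as Ref, ARNs, dynamic references, plain secret names) from values that look like literal credentials. The resource and variable names are made up; the two AWS credential values are the placeholder keys from AWS's own documentation. The detection rules (one known-format regex plus an entropy check gated on a secret-like variable name) are this example's own heuristics, not the rules CKV_AWS_45 applies.

```python
import json
import math
import re
from collections import Counter
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample template (hypothetical names; AWS documentation placeholder keys).
SAMPLE_TEMPLATE: Dict[str, Any] = json.loads(r"""
{
  "Resources": {
    "lambdaFn": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Environment": {
          "Variables": {
            "APP_PRIVATE_KEY_SECRET_NAME": {"Ref": "secretA1B2C3"},
            "DB_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-AbCdEf",
            "SECRET_NAME": "my-secret",
            "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
            "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
          }
        }
      }
    }
  }
}
""")

# Known credential formats. Only the AWS access key ID is included; a real scanner
# carries a long list of such patterns.
KNOWN_PATTERNS = {
    "aws-access-key-id": re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
}
SECRET_LIKE_NAME = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|API_KEY|ACCESS_KEY|PRIVATE_KEY", re.I)
MIN_SECRET_LEN = 20        # short values such as a secret's name never trip the entropy rule
ENTROPY_THRESHOLD = 3.5    # bits/char; random base64-ish material sits well above this


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_reference(value: Any) -> bool:
    """True when the value points at a secret rather than containing one."""
    if isinstance(value, dict):            # CloudFormation intrinsic: Ref, Fn::GetAtt, Fn::Join, ...
        return True
    if not isinstance(value, str):
        return False
    if value.startswith("arn:"):           # an ARN identifies the secret; it is not the secret
        return True
    if value.startswith("{{resolve:"):     # dynamic reference resolved by CloudFormation at deploy
        return True
    return False


def classify(name: str, value: Any) -> Optional[str]:
    """Return a reason string if the env var looks like a literal secret, else None."""
    if is_reference(value) or not isinstance(value, str):
        return None
    for label, pat in KNOWN_PATTERNS.items():
        if pat.search(value):
            return f"{label} pattern"
    # Entropy alone produces noise (IDs, hashes), so gate it on a secret-like variable name.
    if (SECRET_LIKE_NAME.search(name) and len(value) >= MIN_SECRET_LEN
            and shannon_entropy(value) >= ENTROPY_THRESHOLD):
        return "high-entropy value under secret-like variable name"
    return None


def find_hardcoded_secrets(template: Dict[str, Any]) -> List[Tuple[str, str, str]]:
    """(resource, variable, reason) for every Lambda env var that looks like a literal secret."""
    findings = []
    for res_name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Lambda::Function":
            continue
        env = res.get("Properties", {}).get("Environment", {}).get("Variables", {})
        for var, value in env.items():
            reason = classify(var, value)
            if reason:
                findings.append((res_name, var, reason))
    return findings


if __name__ == "__main__":
    for res, var, why in find_hardcoded_secrets(SAMPLE_TEMPLATE):
        print(f"{res}.Environment.Variables.{var}: {why}")
```

Run against the sample, only the two AWS credential values are reported; the Ref intrinsic, the ARN and the plain name `my-secret` all pass, which is the distinction the report above relies on. Whatever scanner is in use, the value worth checking is the one in the synthesized template, not the TypeScript expression, since that is what the check actually sees.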
tsmithv11 (Collaborator) commented

Hey @caevv thank you for reporting. I'm unfortunately not able to replicate this. Can you grab a log or screenshot of the full Checkov output for this finding so we can debug and fix it?
