The attribute has potentially sensitive data, passwords, tokens or keys in it


Sensitive data stored in attributes can result in compromised data. Sensitive data should be passed in through secret variables.

Possible Impact

Sensitive credentials may be compromised

Suggested Resolution

Check the code for vulnerabilities and move the sensitive values to variables.

Insecure Example

The following example will fail the general-secrets-sensitive-in-attribute-value check.

resource "aws_instance" "bad_example" {
	instance_type = "t2.small"

	# Hard-coded secret inside the attribute value: this is what the check flags
	user_data = <<EOF
		Password = "something secret"
EOF
}


Secure Example

The following example will pass the general-secrets-sensitive-in-attribute-value check.

# The secret is declared as a variable instead of being written into an attribute
variable "password" {
	type = string
}

resource "aws_instance" "good_instance" {
	instance_type = "t2.small"

	user_data = <<EOF
		export EDITOR=vimacs
EOF
}
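
To make the difference between the two examples concrete, the following added sketch (not tfsec's own implementation, and not part of the original page) scans Terraform source for literal values assigned to sensitive-looking keys, including inside heredoc attributes such as user_data. The key-name patterns, the function name find_literal_secrets and the sample input are assumptions made for this example.

```python
import re

# Key-name patterns are assumptions for this sketch, not tfsec's actual rule set.
SENSITIVE_KEY = re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key|private[_-]?key)")
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([\w.-]+)\s*[=:]\s*(.+?)\s*$")
HEREDOC_START = re.compile(r"^\s*([\w-]+)\s*=\s*<<-?(\w+)\s*$")
REFERENCE_ONLY = re.compile(r'^"?\$\{[^}]+\}"?$')  # value is entirely an interpolation


def find_literal_secrets(hcl_text):
    """Return (line_no, attribute, key) for literal values assigned to sensitive-looking keys."""
    findings = []
    attr = end_marker = None  # both set while inside a heredoc
    for line_no, line in enumerate(hcl_text.splitlines(), start=1):
        if end_marker is None:
            start = HEREDOC_START.match(line)
            if start:
                attr, end_marker = start.groups()
                continue
        elif line.strip() == end_marker:
            attr = end_marker = None
            continue
        m = ASSIGNMENT.match(line)
        if not m:
            continue
        key, value = m.groups()
        if REFERENCE_ONLY.match(value):
            continue  # e.g. ${var.password}: not hard-coded in the source
        if attr is None and not value.startswith('"'):
            continue  # top-level references such as var.x, or type keywords
        if SENSITIVE_KEY.search(key):
            findings.append((line_no, attr or key, key))
    return findings


# Constructed sample based on the page's insecure example, plus one interpolated value.
SAMPLE = '''resource "aws_instance" "bad_example" {
  instance_type = "t2.small"

  user_data = <<EOF
    Password = "something secret"
    DB_PASSWORD=${var.password}
EOF
}
'''

if __name__ == "__main__":
    for line_no, attribute, key in find_literal_secrets(SAMPLE):
        print(f"line {line_no}: literal value for '{key}' in attribute '{attribute}'")
```

The interpolated line is skipped because the secret is not written in the source, but its value is still rendered into user_data and recorded in Terraform state.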

