The attribute has potentially sensitive data, passwords, tokens or keys in it

Explanation

Sensitive data stored in attributes can result in compromised data. Sensitive data should be passed in through secret variables

Possible Impact

Sensitive credentials may be compromised

Suggested Resolution

Check the code for vulnerabilities and move to variables

Insecure Example

The following example will fail the general-secrets-sensitive-in-attribute-value check.

resource "aws_instance" "bad_example" {
	instance_type = "t2.small"

	user_data = <<EOF
		Password = "something secret"
EOF

}

Secure Example

The following example will pass the general-secrets-sensitive-in-attribute-value check.

variable "password" {
	type = string
}

resource "aws_instance" "good_instance" {
	instance_type = "t2.small"

	user_data = <<EOF
		export EDITOR=vimacs
EOF

}

Getting Started
Provider Checks
Config
GitHub Actions