Description

When creating Azure Virtual Machines, custom_data is used to pass start up information into the EC2 instance. This custom_data must not contain access key credentials.

Resolution: Don't use sensitive credentials in the VM custom_data.

Examples

Example of incorrect code:

resource "azurerm_virtual_machine" "bad_example" {
	name = "bad_example"
	custom_data =<<EOF
export DATABASE_PASSWORD=\"SomeSortOfPassword\"
EOF
}

Example of correct code:

resource "azurerm_virtual_machine" "good_example" {
	name = "good_example"
	custom_data =<<EOF
export GREETING="Hello there"
EOF
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

azure-compute-no-secrets-in-custom-data.md

azure-compute-no-secrets-in-custom-data.md

Description

Examples

Files

azure-compute-no-secrets-in-custom-data.md

Latest commit

History

azure-compute-no-secrets-in-custom-data.md

File metadata and controls

Description

Examples