Severity: MEDIUM
Source: Trivy
ID: AVD-AZU-0037

Ensure that no sensitive credentials are exposed in VM custom_data

When creating Azure Virtual Machines, custom_data is used to pass start-up information into the virtual machine. This custom_data must not contain access key credentials or other secrets.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Don’t use sensitive credentials in the VM custom_data

```hcl
resource "azurerm_virtual_machine" "good_example" {
  name = "good_example"
  os_profile_linux_config {
    disable_password_authentication = false
  }
  os_profile {
    # Start-up data carries only non-sensitive configuration; no keys or passwords.
    custom_data = <<-EOF
      export GREETING="Hello there"
    EOF
  }
}
```
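As an added illustration of how a pre-commit check can catch this misconfiguration (this is not Trivy's own check logic), the Python below extracts every custom_data heredoc from a Terraform file and flags assignments whose variable names look like credentials. The sample input is constructed; the "secret" it contains is a placeholder string.

```python
import re

# Constructed sample: the good example from this page next to a bad one whose
# custom_data embeds a placeholder secret (PLACEHOLDER_* is not a real credential).
SAMPLE_TF = '''
resource "azurerm_virtual_machine" "good_example" {
  os_profile {
    custom_data = <<-EOF
      export GREETING="Hello there"
    EOF
  }
}

resource "azurerm_virtual_machine" "bad_example" {
  os_profile {
    custom_data = <<-EOF
      export AZURE_CLIENT_SECRET="PLACEHOLDER_SECRET_VALUE"
      export DB_PASSWORD=PLACEHOLDER
      export API_TOKEN=$TOKEN_FROM_KEY_VAULT
    EOF
  }
}
'''

# Resource header (captures the resource name) and custom_data heredoc bodies.
RESOURCE_RE = re.compile(r'resource\s+"[^"]+"\s+"([^"]+)"\s*\{')
HEREDOC_RE = re.compile(r'custom_data\s*=\s*<<-?(\w+)\n(.*?)\n\s*\1\b', re.S)
# Variable names that indicate a credential; matched on the name, not the value.
SENSITIVE_NAME_RE = re.compile(
    r'(SECRET|PASSWORD|PASSWD|ACCESS_KEY|API_KEY|TOKEN|PRIVATE_KEY)', re.I)
# "export NAME=value" or "NAME=value" with a non-empty value.
ASSIGN_RE = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(\S+)')


def find_credentials_in_custom_data(tf_source):
    """Return (resource_name, variable_name) for each literal credential assignment."""
    findings = []
    headers = list(RESOURCE_RE.finditer(tf_source))
    for i, header in enumerate(headers):
        # Body runs from this resource header to the next one (or end of file).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(tf_source)
        body = tf_source[header.end():end]
        for heredoc in HEREDOC_RE.finditer(body):
            for line in heredoc.group(2).splitlines():
                m = ASSIGN_RE.match(line)
                if not m or not SENSITIVE_NAME_RE.search(m.group(1)):
                    continue
                value = m.group(2).strip('"\'')
                # A shell variable reference ($X) is not an embedded literal; skip it.
                if value and not value.startswith('$'):
                    findings.append((header.group(1), m.group(1)))
    return findings


if __name__ == "__main__":
    for resource, name in find_credentials_in_custom_data(SAMPLE_TF):
        print(f"{resource}: custom_data sets credential-like variable {name}")
```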