Ensure Serverless Function Uses Encrypted Environment Variables

Serverless functions run on a cloud platform without requiring you to provision or manage servers.
Serverless functions are triggered by HTTP requests, database changes, or timers.
Environment variables are key-value pairs that you can use to store configuration data or secrets for your function.
It is recommended to encrypt environment variables for serverless functions because they may contain sensitive information such as API keys, passwords, or tokens.
Encrypting environment variables can help protect your data from unauthorized access or leakage.
Depending on the cloud provider and the framework you use, there are different ways to encrypt environment variables for serverless functions.

Risk Level: high
Platform: AWS Serverless
Spectral Rule ID: SLFW002


Define a kmsKeyArn in the function or the provider

  name: aws

  hello: # this function will OVERWRITE the service level environment config above
+ kmsKeyArn: arn:aws:kms:us-east-1:XXXXXX:key/some-hash


  name: aws
+ kmsKeyArn: arn:aws:kms:us-east-1:XXXXXX:key/some-hash
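
The check this rule describes can be sketched as follows. This is an added example, not Spectral's implementation of SLFW002: it assumes the serverless.yml has already been parsed into a dictionary (for example with yaml.safe_load), and the function name, sample configs and handler names are constructed for illustration.

```python
def functions_missing_kms_key(config):
    """Return sorted names of functions that have environment variables
    (their own or inherited from the provider) but no kmsKeyArn at
    either the function or the provider level."""
    provider = config.get("provider") or {}
    provider_env = provider.get("environment") or {}
    provider_key = provider.get("kmsKeyArn")
    missing = []
    for name, fn in (config.get("functions") or {}).items():
        fn = fn or {}  # a function entry may be empty in YAML
        has_env = bool(provider_env) or bool(fn.get("environment"))
        key = fn.get("kmsKeyArn") or provider_key  # function key wins, else provider key
        if has_env and not key:
            missing.append(name)
    return sorted(missing)


# Placeholder ARN as shown on this page, not a real key.
KEY = "arn:aws:kms:us-east-1:XXXXXX:key/some-hash"

# Constructed sample: no key anywhere; "ping" inherits the provider environment.
NO_KEY = {
    "provider": {"name": "aws", "environment": {"STAGE": "dev"}},
    "functions": {
        "hello": {"handler": "handler.hello", "environment": {"API_TOKEN": "placeholder"}},
        "ping": {"handler": "handler.ping"},
    },
}

# Constructed sample: key on one function only; "ping" has no variables at all.
FUNCTION_KEY = {
    "provider": {"name": "aws"},
    "functions": {
        "hello": {"handler": "handler.hello", "kmsKeyArn": KEY,
                  "environment": {"API_TOKEN": "placeholder"}},
        "worker": {"handler": "handler.worker", "environment": {"DB_PASSWORD": "placeholder"}},
        "ping": {"handler": "handler.ping"},
    },
}

# Constructed sample: provider-level key covers every function.
PROVIDER_KEY = {
    "provider": {"name": "aws", "kmsKeyArn": KEY},
    "functions": {
        "hello": {"handler": "handler.hello", "environment": {"API_TOKEN": "placeholder"}},
    },
}

if __name__ == "__main__":
    for label, cfg in (("no key", NO_KEY), ("function key", FUNCTION_KEY),
                       ("provider key", PROVIDER_KEY)):
        print(label, "->", functions_missing_kms_key(cfg))
```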
