Ensure Serverless Function Uses Encrypted Environment Variables

Serverless functions run on a cloud platform without requiring you to provision or manage servers.
They are triggered by events such as HTTP requests, database changes, or timers.
Environment variables are key-value pairs that you can use to store configuration data or secrets for your function.
Encrypting them is recommended because they may contain sensitive information such as API keys, passwords, or tokens, and encryption helps protect that data from unauthorized access or leakage.
How you encrypt environment variables for serverless functions depends on the cloud provider and the framework you use.

Risk Level: high
Platform: AWS Serverless
Spectral Rule ID: SLFW002

REMEDIATION

Define a kmsKeyArn either on the function or on the provider:

provider:
  name: aws

functions:
  hello: # function-level setting; takes precedence over a provider-level kmsKeyArn
+   kmsKeyArn: arn:aws:kms:us-east-1:XXXXXX:key/some-hash

OR

provider:
  name: aws
+ kmsKeyArn: arn:aws:kms:us-east-1:XXXXXX:key/some-hash
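
One way to check a configuration for this condition, as an added example (not Spectral's rule implementation and not code from the original page). It takes a serverless.yml already parsed into a dict; the function names and sample configs are constructed, and treating a function as affected only when it has environment variables is an assumption.

```python
def effective_env(provider, fn):
    """Provider-level environment with function-level entries merged over it."""
    env = dict(provider.get("environment") or {})
    env.update(fn.get("environment") or {})
    return env


def find_unencrypted_functions(config):
    """Names of functions that have environment variables but no kmsKeyArn
    at either the function or the provider level."""
    provider = config.get("provider") or {}
    findings = []
    for name, fn in (config.get("functions") or {}).items():
        fn = fn or {}  # "hello:" with an empty body parses to None
        key = fn.get("kmsKeyArn") or provider.get("kmsKeyArn")
        if effective_env(provider, fn) and not key:
            findings.append(name)
    return sorted(findings)


# Constructed samples shaped like a parsed serverless.yml; not real services.
PLACEHOLDER_ARN = "arn:aws:kms:us-east-1:XXXXXX:key/some-hash"

NO_KEY = {
    "provider": {"name": "aws", "environment": {"STAGE": "dev"}},
    "functions": {
        "hello": {"handler": "h.hello", "environment": {"API_TOKEN": "x"}},
        "ping": None,  # inherits the provider-level environment
    },
}
FUNCTION_KEY = {
    "provider": {"name": "aws"},
    "functions": {
        "hello": {"environment": {"API_TOKEN": "x"}, "kmsKeyArn": PLACEHOLDER_ARN},
        "other": {"environment": {"DB_PASSWORD": "x"}},
        "noenv": {"handler": "h.noenv"},
    },
}
PROVIDER_KEY = {
    "provider": {"name": "aws", "kmsKeyArn": PLACEHOLDER_ARN},
    "functions": {"hello": {"environment": {"API_TOKEN": "x"}}},
}

if __name__ == "__main__":
    for label, cfg in (("no key", NO_KEY), ("function key", FUNCTION_KEY),
                       ("provider key", PROVIDER_KEY)):
        print(label, "->", find_unencrypted_functions(cfg))
```

A key set on one function covers only that function, which is why `other` is still reported in the second sample, while a provider-level key covers every function in the service.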
