From fb151f1ce1e69d0706fd7593018b52e0b04862ff Mon Sep 17 00:00:00 2001
From: Kyle Lindeque
Date: Thu, 24 Jun 2021 13:14:13 +0100
Subject: [PATCH] Module is failing tfsec security parsing

The module is currently failing the tfsec security parser on rule GEN002 because a secret is being stored in the local variable. This should be parsed directly to the resource.

> [GEN002][WARNING] Local 'locals.' includes a potentially sensitive value which is defined within the project. https://tfsec.dev/docs/general/GEN002/
---
 main.tf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index 887ea2d..e1e1ece 100644
--- a/main.tf
+++ b/main.tf
@@ -65,7 +65,6 @@ locals {
   repositoryCredentials = jsonencode(var.repositoryCredentials)
   resourceRequirements = jsonencode(var.resourceRequirements)
-  secrets = jsonencode(var.secrets)
   systemControls = jsonencode(var.systemControls)
   ulimits = replace(jsonencode(var.ulimits), local.classes["digit"], "$1")
@@ -119,7 +118,7 @@ data "template_file" "container_definition" {
     readonlyRootFilesystem = var.readonlyRootFilesystem ? true : false
     repositoryCredentials = local.repositoryCredentials == "{}" ? "null" : local.repositoryCredentials
     resourceRequirements = local.resourceRequirements == "[]" ? "null" : local.resourceRequirements
-    secrets = local.secrets == "[]" ? "null" : local.secrets
+    secrets = jsonencode(var.secrets) == "[]" ? "null" : jsonencode(var.secrets) // do not parse secrets via a local var
     systemControls = local.systemControls == "[]" ? "null" : local.systemControls
     ulimits = local.ulimits == "[]" ? "null" : local.ulimits
     user = var.user == "" ? "null" : var.user
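Review bot: The new `secrets` line still renders `var.secrets` into the `template_file` output, so the value ends up in the same place as before (the data source's rendered result, and therefore plan output and state); dropping the local silences GEN002 without changing what is exposed. That is acceptable only if `var.secrets` carries ECS-style `{name, valueFrom}` references to Secrets Manager/SSM ARNs rather than secret values — the variable definition is not in this diff, so confirm that and, if the module's Terraform version allows it, mark the variable `sensitive = true` so plan output is redacted. `jsonencode(var.secrets)` is also evaluated twice on the new line and the trailing comment says "parse" where "pass" is meant; a single encode reads more clearly, e.g. `secrets = length(var.secrets) == 0 ? "null" : jsonencode(var.secrets) // pass the variable straight through; a local would trip tfsec GEN002` (assuming `var.secrets` is a list with a non-null default, as the existing `== "[]"` comparison implies). The enclosing `data "template_file" "container_definition"` block starts and ends outside the hunk.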