Skip to content

[New Check]: Detect secrets in AWS Glue Data Catalog connections #11814

Description

@danibarranqueroo

Existing check search

  • I have searched existing issues, Prowler Hub, and the public roadmap, and this check does not already exist.

Provider

AWS

New provider name

No response

Service or product area

glue

Suggested check name

glue_catalog_connection_no_secrets

Context and goal

AWS Glue Data Catalog connections often store hardcoded database credentials in plaintext connection details.

Expected behavior

  • Resource or scope to evaluate: Each Data Catalog connection.
  • PASS when: No secrets are detected.
  • FAIL when: A secret is detected (report the connection name, not the value).

References

Suggested severity

High

Additional implementation notes

Closely related to glue_connection_no_secrets; can share the same connections model in the glue service. Consider whether to implement as one check or keep catalog-scoped. Severity is High by default and becomes Critical if the secret is validated.

Metadata

Metadata

Assignees

No one assigned

    Labels

    feature-requestNew feature request for Prowler.good first issueIndicates a good issue for first-time contributorsnew-checkprovider/awsIssues/PRs related with the AWS provider

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions