include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

// Optional: Give a general description of the secret and what it's used for.

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.

// Set value that can be used to refer to the type of secret in, for example:
// "An attacker can use this {secret_type} to ..."
:secret_type: personal access token
:service_name: Pulumi

// Where possible, use predefined content for common impacts. This content can
// be found in the folder "shared_content/secrets/impact".

include::../../../shared_content/secrets/impact/infrastructure_takeover.adoc[]

include::../../../shared_content/secrets/impact/data_compromise.adoc[]

include::../../../shared_content/secrets/impact/data_modification.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: pul-c543210a5cf5dccabcdef263ea73148dc258b2f7
:example_name: pulumi-token
:example_env: PULUMI_TOKEN

include::../../../shared_content/secrets/examples.adoc[]

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

//=== Benchmarks