AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-05-16 · Documentation high

File: AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-environmentvariable.md

Summary

Added 'Type' property to environment variable configuration with options 'PLAINTEXT' and 'SECRETS_MANAGER'

Security assessment

Introduces documentation for securely handling secrets via AWS Secrets Manager instead of plaintext. This directly addresses secure credential management but does not indicate a specific prior security issue.

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-environmentvariable.md b/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-environmentvariable.md
index a35a33890..12f7e77e8 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-environmentvariable.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-environmentvariable.md
@@ -17,0 +18 @@ To declare this entity in your AWS CloudFormation template, use the following sy
+      "Type" : String,
@@ -25,0 +27 @@ To declare this entity in your AWS CloudFormation template, use the following sy
+      Type: String
@@ -47,0 +50,13 @@ _Minimum_ : `1`
+`Type`
+    
+
+Specifies the type of use for the environment variable value. The value can be either `PLAINTEXT` or `SECRETS_MANAGER`. If the value is `SECRETS_MANAGER`, provide the Secrets reference in the EnvironmentVariable value.
+
+_Required_ : No
+
+ _Type_ : String
+
+ _Allowed values_ : `PLAINTEXT | SECRETS_MANAGER`
+
+ _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+