Homepage
Not present in the local metadata.
brew package intelligence
checkov
Automic Vault tracks checkov because plain text checkov api key matters when AI agents run command-line tools on macOS.
overview
What Automic Vault knows about checkov
Prevent cloud misconfigurations during build-time for IaC tools
Commands and aliases
No executable aliases were found in the local package database.
radioisotope
Plain Text Checkov API Key
Checkov can read its Bridgecrew/Prisma API key from ~/.bridgecrew/credentials when no API key is supplied by flag or environment. Our isotope stores that credential in the macOS keychain and injects it as BC_API_KEY while `checkov` runs.
Local README excerpt
Checkov Radioisotope
Checkov reads a Bridgecrew/Prisma API key from ~/.bridgecrew/credentials when BC_API_KEY or --bc-api-key is not supplied. The radioisotope moves that plaintext credential into the macOS keychain and injects it as BC_API_KEY while checkov runs.
Caveats
- Only
~/.bridgecrew/credentialsis migrated. - Runtime changes to the Bridgecrew credential file are not persisted back to
the keychain.
- An explicit
--bc-api-keyargument supplied by the user takes precedence in
Checkov's normal argument parsing.
- Direct execution of the original binary will not receive credentials.
Source: data/radioisotopes/checkov/README.md
Coverage source
Caveats
- Only ~/.bridgecrew/credentials is migrated.
- Runtime credential-file changes are not persisted back to keychain.
- Explicit --bc-api-key arguments take precedence in Checkov's normal parsing.
- Direct execution of the original binary will not receive credentials.
install metadata
Resolver facts
| Package key | brew:checkov |
|---|---|
| Last updated | 2026-05-20T12:16:02Z |
| Pulse | updated |
source trail
Generated from repository data
This page is regenerated by scripts/generate-pkg-pages.py. Deployments refuse to publish if www/pkg/ is stale relative to local package data.
Used sources
- Nucleus package database
- local isotope README
- radioisotope security manifest