diff --git a/rules/rule-credentials-in-env-var/raw.rego b/rules/rule-credentials-in-env-var/raw.rego
index 44db0c4c2..e3a2e586c 100644
--- a/rules/rule-credentials-in-env-var/raw.rego
+++ b/rules/rule-credentials-in-env-var/raw.rego
@@ -9,7 +9,7 @@
 		container := pod.spec.containers[i]
 		env := container.env[j]
 
-		contains(lower(env.name), key_name)
+		contains(lower(env.name), lower(key_name))
 		env.value != ""
 		# check that value wasn't allowed by user
 		not is_allowed_value(env.value)
@@ -41,7 +41,7 @@
 		container := wl.spec.template.spec.containers[i]
 		env := container.env[j]
 
-		contains(lower(env.name), key_name)
+		contains(lower(env.name), lower(key_name))
 		env.value != ""
 		# check that value wasn't allowed by user
 		not is_allowed_value(env.value)
@@ -71,7 +71,7 @@
 		container := wl.spec.jobTemplate.spec.template.spec.containers[i]
 		env := container.env[j]
 
-		contains(lower(env.name), key_name)
+		contains(lower(env.name), lower(key_name))
 
 		env.value != ""
 		# check that value wasn't allowed by user
@@ -93,6 +93,95 @@
 		}
 	}
 
+# check sensitive values
+deny[msga] {
+		pod := input[_]
+		pod.kind == "Pod"
+		# see default-config-inputs.json for list values
+		sensitive_values := data.postureControlInputs.sensitiveValues
+    	value := sensitive_values[_]
+		container := pod.spec.containers[i]
+		env := container.env[j]
+
+		# check that value wasn't allowed by user
+		not is_allowed_value(env.value)
+		contains(lower(env.value), lower(value))
+
+		is_not_reference(env)
+
+		path := sprintf("spec.containers[%v].env[%v].name", [format_int(i, 10), format_int(j, 10)])
+
+		msga := {
+			"alertMessage": sprintf("Pod: %v has sensitive information in environment variables", [pod.metadata.name]),
+			"alertScore": 9,
+			"fixPaths": [],
+			"failedPaths": [path],
+			"packagename": "armo_builtins",
+			"alertObject": {
+				"k8sApiObjects": [pod]
+			}
+		}
+	}
+
+	deny[msga] {
+		wl := input[_]
+		spec_template_spec_patterns := {"Deployment","ReplicaSet","DaemonSet","StatefulSet","Job"}
+		spec_template_spec_patterns[wl.kind]
+
+		# see default-config-inputs.json for list values
+		sensitive_values := data.postureControlInputs.sensitiveValues
+    	value := sensitive_values[_]
+		container := wl.spec.template.spec.containers[i]
+		env := container.env[j]
+
+		not is_allowed_value(env.value)
+		contains(lower(env.value), lower(value))
+		# check that value wasn't allowed by user
+
+		is_not_reference(env)
+
+		path := sprintf("spec.template.spec.containers[%v].env[%v].name", [format_int(i, 10), format_int(j, 10)])
+
+		msga := {
+			"alertMessage": sprintf("%v: %v has sensitive information in environment variables", [wl.kind, wl.metadata.name]),
+			"alertScore": 9,
+			"fixPaths": [],
+			"failedPaths": [path],
+			"packagename": "armo_builtins",
+			"alertObject": {
+				"k8sApiObjects": [wl]
+			}
+		}
+	}
+
+	deny[msga] {
+		wl := input[_]
+		wl.kind == "CronJob"
+		# see default-config-inputs.json for list values
+		sensitive_values := data.postureControlInputs.sensitiveValues
+    	value := sensitive_values[_]
+		container := wl.spec.jobTemplate.spec.template.spec.containers[i]
+		env := container.env[j]
+
+		# check that value wasn't allowed by user
+		not is_allowed_value(env.value)
+		contains(lower(env.value), lower(value))
+
+		is_not_reference(env)
+
+		path := sprintf("spec.jobTemplate.spec.template.spec.containers[%v].env[%v].name", [format_int(i, 10), format_int(j, 10)])
+
+		msga := {
+			"alertMessage": sprintf("Cronjob: %v has sensitive information in environment variables", [wl.metadata.name]),
+			"alertScore": 9,
+			"fixPaths": [],
+			"failedPaths": [path],
+			"packagename": "armo_builtins",
+			"alertObject": {
+				"k8sApiObjects": [wl]
+			}
+		}
+	}
 
 
 is_not_reference(env)
diff --git a/rules/rule-credentials-in-env-var/test/deployment/expected.json b/rules/rule-credentials-in-env-var/test/deployment/expected.json
new file mode 100644
index 000000000..5895545cc
--- /dev/null
+++ b/rules/rule-credentials-in-env-var/test/deployment/expected.json
@@ -0,0 +1,26 @@
+[
+    {
+        "alertMessage": "Deployment: test2 has sensitive information in environment variables",
+        "failedPaths": [
+            "spec.template.spec.containers[1].env[1].name"
+        ],
+        "fixPaths": [],
+        "ruleStatus": "",
+        "packagename": "armo_builtins",
+        "alertScore": 9,
+        "alertObject": {
+            "k8sApiObjects": [
+                {
+                    "apiVersion": "apps/v1",
+                    "kind": "Deployment",
+                    "metadata": {
+                        "labels": {
+                            "app": "audit-pod"
+                        },
+                        "name": "test2"
+                    }
+                }
+            ]
+        }
+    }
+]
\ No newline at end of file
diff --git a/rules/rule-credentials-in-env-var/test/deployment/input/deployment.yaml b/rules/rule-credentials-in-env-var/test/deployment/input/deployment.yaml
new file mode 100644
index 000000000..7755f24fb
--- /dev/null
+++ b/rules/rule-credentials-in-env-var/test/deployment/input/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: default
+  name: test2
+  labels:
+    app: audit-pod
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: audit-pod
+  template:
+    metadata:
+      labels:
+        app: audit-pod
+    spec :
+      containers :
+        -
+          name : test-container
+          env :
+            -
+              name : random
+              value : "Hello from the environment"
+          image : hashicorp/http-echo:0.2.3
+          securityContext :
+            allowPrivilegeEscalation : true
+        -
+          name : test-container2
+          env :
+            -
+              name : bla
+              value : "Hello from the environment"
+            - name : some-name
+              value : JWT
+          image : hashicorp/http-echo:0.2.3
\ No newline at end of file
diff --git a/rules/rule-credentials-in-env-var/test/pod/expected.json b/rules/rule-credentials-in-env-var/test/pod/expected.json
index 4d85f771c..9324ba1a3 100644
--- a/rules/rule-credentials-in-env-var/test/pod/expected.json
+++ b/rules/rule-credentials-in-env-var/test/pod/expected.json
@@ -2,7 +2,7 @@
     {
         "alertMessage": "Pod: audit-pod has sensitive information in environment variables",
         "failedPaths": [
-            "spec.containers[0].env[0].name"
+            "spec.containers[0].env[1].name"
         ],
         "fixPaths": [],
         "ruleStatus": "",
diff --git a/rules/rule-credentials-in-env-var/test/pod/input/pod.yaml b/rules/rule-credentials-in-env-var/test/pod/input/pod.yaml
index b70071bf6..b0cfb0df0 100644
--- a/rules/rule-credentials-in-env-var/test/pod/input/pod.yaml
+++ b/rules/rule-credentials-in-env-var/test/pod/input/pod.yaml
@@ -8,8 +8,10 @@ spec:
   containers:
   - name: test-container
     env :
-      - name : azure_batch_key
+      - name : random
         value : "Hello from the environment"
+      - name: some-name
+        value: my_key_value
     image: hashicorp/http-echo:0.2.3
     securityContext:
       allowPrivilegeEscalation: true