DevSkim/guidance/DS117838.md

## Do not store tokens or keys in source code.

### Summary
A token or key was found in source code. If this represents a secret, it should be moved somewhere else.

### Details

Secrets in source code pose a threat to the application's components, like
databases and other users, especially if this source code is leaked or shared.
This applies to:

* Users/passwords
* Tokens (JWT's, etc.)
* Hashes
* Encryption keys

### Severity Considerations

Follow these steps:

* Change passwords/keys/secrets on the target components.
* Store them in a secrets vault
* Remove them from your code.
Initial guidance checkin Just template MDs for now, with name and summary pulled from rules 2016-12-12 04:08:44 +03:00			`## Do not store tokens or keys in source code.`

			`### Summary`
			`A token or key was found in source code. If this represents a secret, it should be moved somewhere else.`

			`### Details`
Updates to Populate Sarif Fields for GitHub Severity + Precision (#606) * Update dependencies * Improve Confidence Reporting Adds Confidence Field to Issue Record Sets Confidence to either Confidence of Pattern if specified, or confidence of overall rule if specified Report Confidence and Severity in special Github sarif fields. Add Confidence values to rules * Update Guidance (#600) Fixed typo Tokens/keys in source code DES->AES Guidance * Update Changelog.md --------- Co-authored-by: Cristián Rojas <injcristianrojas@gmail.com> 2024-03-01 01:49:02 +03:00
			`Secrets in source code pose a threat to the application's components, like`
			`databases and other users, especially if this source code is leaked or shared.`
			`This applies to:`

			`* Users/passwords`
			`* Tokens (JWT's, etc.)`
			`* Hashes`
			`* Encryption keys`
Initial guidance checkin Just template MDs for now, with name and summary pulled from rules 2016-12-12 04:08:44 +03:00
			`### Severity Considerations`
Updates to Populate Sarif Fields for GitHub Severity + Precision (#606) * Update dependencies * Improve Confidence Reporting Adds Confidence Field to Issue Record Sets Confidence to either Confidence of Pattern if specified, or confidence of overall rule if specified Report Confidence and Severity in special Github sarif fields. Add Confidence values to rules * Update Guidance (#600) Fixed typo Tokens/keys in source code DES->AES Guidance * Update Changelog.md --------- Co-authored-by: Cristián Rojas <injcristianrojas@gmail.com> 2024-03-01 01:49:02 +03:00
			`Follow these steps:`

			`* Change passwords/keys/secrets on the target components.`
			`* Store them in a secrets vault`
			`* Remove them from your code.`
Initial guidance checkin Just template MDs for now, with name and summary pulled from rules 2016-12-12 04:08:44 +03:00