DevSkim/guidance/DS117838.md

Do not store tokens or keys in source code.

Summary

A token or key was found in source code. If this represents a secret, it should be moved somewhere else.

Details

Secrets in source code pose a threat to the application's components, like databases and other users, especially if this source code is leaked or shared. This applies to:

• Users/passwords
• Tokens (JWT's, etc.)
• Hashes
• Encryption keys

Severity Considerations

Follow these steps:

• Change passwords/keys/secrets on the target components.
• Store them in a secrets vault
• Remove them from your code.