rspec/shared_content/secrets/fix/default.adoc

**Never hard-code secrets, not even the default values**

It is important that you do not hard-code secrets, even default values.

First, hard-coded default secrets are often short and can be easily compromised
even by attackers who do not have access to the code base.

Second, hard-coded default secrets can cause problems if they need to be
changed or replaced.

And most importantly, there is always the possibility to accidentally set
default secrets for production services, which can lead to security
vulnerabilities and make production insecure by default.

To minimize these risks, it is recommended to apply the above strategies, even
for the default settings.
Modify S6698&S6703&S6697: Add a warning against default values (#3121) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> 2023-09-22 12:48:47 +02:00			`Never hard-code secrets, not even the default values`

			`It is important that you do not hard-code secrets, even default values.`

			`First, hard-coded default secrets are often short and can be easily compromised`
			`even by attackers who do not have access to the code base.`

			`Second, hard-coded default secrets can cause problems if they need to be`
			`changed or replaced.`

			`And most importantly, there is always the possibility to accidentally set`
			`default secrets for production services, which can lead to security`
			`vulnerabilities and make production insecure by default.`

			`To minimize these risks, it is recommended to apply the above strategies, even`
			`for the default settings.`