
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
17 lines
671 B
Plaintext
**Never hard-code secrets, not even the default values**

It is important that you do not hard-code secrets, even as default values.

First, hard-coded default secrets are often short and predictable, so they can
be easily compromised even by attackers who do not have access to the code
base.

Second, hard-coded default secrets are hard to rotate: changing or replacing
them requires a code change and a new release instead of a configuration
update.

And most importantly, there is always the risk that a default secret is
accidentally left in place for a production service, which can lead to security
vulnerabilities and make production insecure by default.

To minimize these risks, it is recommended to apply the above strategies, even
for the default settings.
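The following is an added example, not part of the rule description or of the rspec repository, that shows the anti-pattern the text warns about next to a hardened loader. The variable names `APP_SECRET_KEY` and `APP_ENV`, the placeholder list and the 32-character minimum are assumptions chosen for illustration. The insecure version falls back to a literal default, so a missing environment variable silently becomes the production secret; the hardened version has no default at all, rejects well-known placeholder values, and only in an explicitly declared development environment generates a per-process random secret that can never be shared or committed.

```python
import secrets

# Assumed policy: values commonly shipped as "defaults" in sample configs are
# treated as placeholders and never accepted as a real secret.
PLACEHOLDER_SECRETS = frozenset({
    "", "changeme", "change-me", "secret", "password", "default", "dev", "test",
})
MIN_SECRET_LENGTH = 32  # assumed policy: at least 32 characters


def load_secret_insecure(env: dict) -> str:
    """Anti-pattern: a hard-coded default quietly becomes the production
    secret whenever the variable is not set."""
    return env.get("APP_SECRET_KEY", "changeme")


class SecretConfigError(RuntimeError):
    """Raised when the secret is missing or unusable; the service must not start."""


def load_secret(env: dict) -> str:
    """Hardened loader: no default value, fail closed outside development."""
    value = env.get("APP_SECRET_KEY")
    dev_mode = env.get("APP_ENV", "production") == "development"

    if value is None:
        if dev_mode:
            # Random, per-process secret for local development only. It is
            # never written down, so it cannot leak into a production deploy.
            return secrets.token_urlsafe(MIN_SECRET_LENGTH)
        raise SecretConfigError("APP_SECRET_KEY is not set")

    # Applies in every environment: an explicitly configured placeholder is
    # a misconfiguration, not a usable secret.
    if value.strip().lower() in PLACEHOLDER_SECRETS:
        raise SecretConfigError("APP_SECRET_KEY is a placeholder value")
    if len(value) < MIN_SECRET_LENGTH:
        raise SecretConfigError("APP_SECRET_KEY is shorter than "
                                f"{MIN_SECRET_LENGTH} characters")
    return value


def secret_status(env: dict) -> str:
    """Classify how the hardened loader treats a given environment (helper
    for tests and for a startup self-check)."""
    try:
        value = load_secret(env)
    except SecretConfigError as exc:
        message = str(exc)
        if "not set" in message:
            return "missing"
        if "placeholder" in message:
            return "placeholder"
        return "short"
    if "APP_SECRET_KEY" not in env:
        return "generated"
    return "ok"


if __name__ == "__main__":
    # Constructed environments: production with nothing configured.
    print("insecure loader, empty env ->", load_secret_insecure({}))
    print("hardened loader, empty env ->", secret_status({}))
    print("hardened loader, dev env   ->",
          secret_status({"APP_ENV": "development"}))
```

At startup, a service using the hardened loader fails immediately in production if the secret is absent or still set to a placeholder, which is the failure mode the rule description wants to surface before deployment rather than after.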