# Hardcoded Secrets in Source Code

- ID: go-hardcoded-secrets
- Severity: CRITICAL
- CWE: Hardcoded Credentials (CWE-798)
- Languages: Go

## Description

API keys, passwords, or tokens hardcoded in source code.

## Remediation

Load secrets from environment variables instead of hardcoding them.

```go
import "os"

apiKey := os.Getenv("API_KEY")
if apiKey == "" {
    log.Fatal("API_KEY not set")
}
```

Learn more: https://shoulder.dev/learn/go/cwe-798/hardcoded-secrets

## Documentation

[object Object]

## Related Rules

- **Django Insecure SECRET_KEY** [CRITICAL]: 
- **Docker Secrets and Security Best Practices** [CRITICAL]: 
- **Hardcoded Secret in Environment Variable Fallback** [HIGH]: 
- **Hardcoded Credentials** [HIGH]: 
- **Hardcoded High-Entropy Secrets Detection** [CRITICAL]: