# Hardcoded Secrets in Manifest

- ID: kubernetes-hardcoded-secrets
- Severity: CRITICAL
- CWE: Hardcoded Credentials (CWE-798)
- Languages: YAML
- Frameworks: kubernetes

## Description

Detects hardcoded secrets, passwords, or API keys in Kubernetes manifests.

## Detection Message

Secrets, passwords, or API keys are hardcoded in the Kubernetes manifest.

## Remediation

Use Kubernetes Secrets with valueFrom.

```yaml
env:
- name: DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: db-secret
      key: password
```

Learn more: https://shoulder.dev/learn/kubernetes/cwe-798/hardcoded-secrets

## Related Rules

- **Django Insecure SECRET_KEY** [CRITICAL]
- **Docker Secrets and Security Best Practices** [CRITICAL]
- **Hardcoded Secrets in Source Code** [CRITICAL]
- **Hardcoded Secret in Environment Variable Fallback** [HIGH]
- **Hardcoded Credentials** [HIGH]
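
The remediation for this rule shown in context, as an added example that is not part of the rule's own documentation: a Deployment with a literal credential next to the same Deployment using `secretKeyRef`. The Deployment names, labels, image and file path are hypothetical, and the password value is a constructed placeholder; only `DB_PASSWORD`, `db-secret` and `password` come from the page.

```yaml
# Before: the credential is a literal in the pod spec (constructed placeholder).
# Anyone who can read the manifest or its Git history can read the secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-before                            # hypothetical name
spec:
  selector:
    matchLabels: {app: api-before}
  template:
    metadata:
      labels: {app: api-before}
    spec:
      containers:
      - name: api
        image: registry.example.com/api:1.0   # placeholder image
        env:
        - name: DB_PASSWORD
          value: "CONSTRUCTED-PLACEHOLDER"    # hardcoded in the manifest
---
# After: the manifest only names the Secret and the key to read from it.
# The Secret is created outside the committed manifest, for example:
#   kubectl create secret generic db-secret --from-file=password=./db-password.txt
# (./db-password.txt is a hypothetical local file kept out of version control)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-after                             # hypothetical name
spec:
  selector:
    matchLabels: {app: api-after}
  template:
    metadata:
      labels: {app: api-after}
    spec:
      containers:
      - name: api
        image: registry.example.com/api:1.0   # placeholder image
        env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-secret                 # Secret in the same namespace
              key: password                   # key inside that Secret
```

The two documents are alternatives for comparison, not a pair to apply together. Committing a `Secret` manifest that carries the real value would put the credential back into the repository, which is why the Secret is created separately here.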