# Hardcoded Credentials

- ID: python-hardcoded-credentials
- Severity: HIGH
- CWE: Hardcoded Credentials (CWE-798)
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects hardcoded passwords, API keys, tokens, and other credentials in source code. A credential committed to source is copied into every clone, fork, CI log and container image that includes the file, and rotating it requires a code change and a redeploy. Credentials should be read at runtime from environment variables or a secrets manager, and once a literal has been committed it should be treated as leaked and rotated, because removing it from the current revision does not remove it from the repository history.

## Remediation

Read credentials from the environment instead of embedding them in source. The two lookups below behave differently when the variable is unset: `os.environ['API_KEY']` raises `KeyError` at startup, while `os.getenv('DB_PASSWORD')` returns `None` (or its second argument), so a missing value surfaces later as a failed connection unless it is checked. Do not pass a literal as the `getenv` default; that recreates the hardcoded secret one layer down (see the fallback rule under Related Rules).

```python
import os

password = os.getenv('DB_PASSWORD')   # None if unset: check before use
api_key = os.environ['API_KEY']       # KeyError at startup if unset
secret_key = os.getenv('SECRET_KEY')
if not password or not secret_key:
    raise RuntimeError('DB_PASSWORD and SECRET_KEY must be set')
```

Learn more: https://shoulder.dev/learn/python/cwe-798/hardcoded-credentials

## Related Rules

- **Django Insecure SECRET_KEY** [CRITICAL]
- **Docker Secrets and Security Best Practices** [CRITICAL]
- **Hardcoded Secrets in Source Code** [CRITICAL]
- **Hardcoded Secret in Environment Variable Fallback** [HIGH]
- **Hardcoded Credentials** [HIGH]
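The detection described in the rule and the remediation it prescribes, as one added worked example that is not part of the shoulder.dev rule page or of any project's code: a small regex-based scanner in the spirit of the rule (it flags a string literal assigned to a credential-looking name, and the related case of an `os.getenv`/`os.environ.get` call with a literal fallback), run over constructed sample source lines whose "secrets" are invented, followed by a fail-closed loader that reads the same values from the environment and deliberately has no default parameter. The `scan`, `load_secret` and `load_db_settings` names and the `CRED_NAMES` pattern are this example's own assumptions, not the rule's implementation.

```python
"""Added example: minimal hardcoded-credential scanner plus a fail-closed
environment loader. Not the shoulder.dev rule's own code."""
from __future__ import annotations

import os
import re
from typing import Mapping

# Constructed sample source (invented values, not real secrets): two literal
# credentials, one correct env lookup, one env lookup with a literal fallback,
# and two lines the rule should ignore (a non-credential, an empty literal).
SAMPLE_SOURCE = """\
import os
DB_PASSWORD = "hunter2-prod"
api_key = 'sk_live_0123456789abcdef'
token = os.getenv("API_TOKEN")
SECRET_KEY = os.getenv("SECRET_KEY", "dev-insecure-key")
timeout = 30
password = ""
"""

# Assumed list of name fragments that mark a variable as a credential.
CRED_NAMES = r"(?:password|passwd|pwd|secret|token|api_?key|credential)"

# A non-empty string literal assigned directly to a credential-looking name.
LITERAL_ASSIGN = re.compile(
    r"^\s*(?P<name>\w*" + CRED_NAMES + r"\w*)\s*=\s*"
    r"(?P<q>[\"'])(?P<value>[^\"']+)(?P=q)\s*$",
    re.IGNORECASE,
)

# An environment lookup that silently falls back to a literal when unset.
ENV_FALLBACK = re.compile(
    r"os\.(?:getenv|environ\.get)\(\s*[\"']\w+[\"']\s*,\s*"
    r"(?P<q>[\"'])(?P<value>[^\"']+)(?P=q)\s*\)"
)


def scan(source: str) -> list[tuple[int, str, str]]:
    """Return (line_number, finding_kind, variable_name) for each finding."""
    findings: list[tuple[int, str, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = LITERAL_ASSIGN.match(line)
        if m:
            findings.append((lineno, "hardcoded-credential", m.group("name")))
            continue
        if ENV_FALLBACK.search(line):
            name = line.split("=", 1)[0].strip()
            findings.append((lineno, "hardcoded-fallback", name))
    return findings


def load_secret(name: str, env: Mapping[str, str] = os.environ) -> str:
    """Read one credential from the environment, failing closed if absent.

    There is intentionally no `default` argument: a literal fallback here
    would be the same hardcoded secret one layer down.
    """
    value = env.get(name)
    if not value:
        raise RuntimeError(f"required secret {name} is not set")
    return value


def load_db_settings(env: Mapping[str, str] = os.environ) -> dict[str, str]:
    """Remediated form of the sample: every credential comes from `env`."""
    return {
        "password": load_secret("DB_PASSWORD", env),
        "api_key": load_secret("API_KEY", env),
        "secret_key": load_secret("SECRET_KEY", env),
    }


if __name__ == "__main__":
    for lineno, kind, name in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}: {name}")
    # Expected: lines 2 and 3 flagged as hardcoded, line 5 as a fallback;
    # lines 4, 6 and 7 are clean.
```

A single-line regex scanner of this kind misses credentials split across lines, built with f-strings, or stored inside dict or config literals, which is why the rule itself and entropy-based secret scanners exist; it is meant as a pre-commit sanity check, not a replacement. Passing `env` explicitly to `load_secret` keeps the loader testable with a plain dict and makes the failure mode visible: with the variable missing it raises at startup rather than handing `None` to a database driver.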