# Hardcoded Secrets / Credentials

- ID: python-hardcoded-secrets
- Severity: HIGH
- CWE: Hardcoded Credentials (CWE-798)
- Languages: Python

## Description

Detects hardcoded secrets, passwords, API keys, and cryptographic keys in Python source code. A secret committed to version control remains in the repository history even after it is deleted from the working tree and is visible to everyone with read access to the repository, so it has to be treated as compromised and rotated. Secrets should be loaded at runtime from environment variables or a secrets vault, never written into the code.

## Remediation

Load secrets from environment variables (or a secrets manager) instead of hardcoding them. Indexing `os.environ[...]` rather than calling `os.environ.get(..., default)` makes the application fail at startup when a secret is missing, rather than silently running with a placeholder value that was never meant for production.

```python
import os
from flask import Flask

app = Flask(__name__)

# Each lookup raises KeyError at startup if the variable is unset:
# fail closed instead of falling back to a literal value in the code.
app.config['SECRET_KEY'] = os.environ['SECRET_KEY']
API_KEY = os.environ['API_KEY']
DATABASE_PASSWORD = os.environ['DB_PASSWORD']
```

Learn more: https://shoulder.dev/learn/python/cwe-798/hardcoded-secrets

## Related Rules

- **Django Insecure SECRET_KEY** [CRITICAL]
- **Docker Secrets and Security Best Practices** [CRITICAL]
- **Hardcoded Secrets in Source Code** [CRITICAL]
- **Hardcoded Secret in Environment Variable Fallback** [HIGH]
- **Hardcoded Credentials** [HIGH]
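As an added illustration of the code shapes this rule targets and of the fail-closed loading recommended above (example code written for this page, not the rule's own implementation or the project's code): a small AST-based scanner that flags string literals assigned to secret-like names, passed as secret-like keyword arguments, or used as the default of an `os.environ.get` / `os.getenv` lookup (the fallback pattern covered by the related rule), run over a constructed vulnerable module. `SECRET_NAME_RE`, `find_hardcoded_secrets`, `require_secret` and the sample source are all hypothetical names and data chosen for this example.

```python
"""Added example (not the rule's own implementation): a minimal AST-based
check for hardcoded secrets in Python source, plus a fail-closed loader."""
import ast
import os
import re

# Identifier fragments that usually name a credential. Hypothetical list for this example.
SECRET_NAME_RE = re.compile(r"secret|passw(or)?d|api[_-]?key|token|private[_-]?key", re.I)


def _str_literal(node):
    """Return the node's value if it is a non-empty string constant, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value:
        return node.value
    return None


def _target_name(node):
    """Readable name for an assignment target: NAME, obj.NAME or obj['NAME']."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Subscript):
        key = node.slice
        if hasattr(ast, "Index") and isinstance(key, ast.Index):  # Python < 3.9 wraps the index
            key = key.value
        return _str_literal(key)
    return None


def _callee_name(func):
    """Final component of the called name: os.environ.get -> 'get', getenv -> 'getenv'."""
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def find_hardcoded_secrets(source, filename="<string>"):
    """Return sorted (lineno, name) pairs for three hardcoded-secret shapes:
    1. NAME = "literal", obj.NAME = "literal", obj['NAME'] = "literal"
    2. call(..., password="literal")                      (secret passed as a keyword literal)
    3. os.environ.get('NAME', "literal") / os.getenv('NAME', "literal")   (literal fallback)
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, (ast.Assign, ast.AnnAssign)):
            if _str_literal(node.value) is None:
                continue
            targets = node.targets if isinstance(node, ast.Assign) else [node.target]
            for target in targets:
                name = _target_name(target)
                if name and SECRET_NAME_RE.search(name):
                    findings.append((node.lineno, name))
        elif isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg and SECRET_NAME_RE.search(kw.arg) and _str_literal(kw.value):
                    findings.append((node.lineno, kw.arg))
            if _callee_name(node.func) in ("get", "getenv") and len(node.args) == 2:
                var, fallback = _str_literal(node.args[0]), _str_literal(node.args[1])
                if var and fallback and SECRET_NAME_RE.search(var):
                    findings.append((node.lineno, var))
    return sorted(findings)


def require_secret(name, env=None):
    """Fail-closed loader: read NAME from the environment and refuse missing or
    empty values. There is deliberately no default value to fall back to."""
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise RuntimeError(f"required secret {name!r} is not set")
    return value


# Constructed sample module; every credential value below is made up for the example.
VULNERABLE_SAMPLE = '''
import os
from flask import Flask
app = Flask(__name__)
app.config["SECRET_KEY"] = "dev-secret-do-not-ship"
API_KEY = "sk_live_constructed_example_value"
db = connect(host="db", password="hunter2")
TOKEN = os.environ.get("TOKEN", "fallback-token")
SAFE_SECRET = os.environ["SAFE_SECRET"]
timeout = "30"
'''

if __name__ == "__main__":
    for lineno, name in find_hardcoded_secrets(VULNERABLE_SAMPLE, "sample.py"):
        print(f"sample.py:{lineno}: hardcoded secret assigned to {name}")
    # The safe form: no literal anywhere in the code path; startup fails if the value is absent.
    print(require_secret("SAFE_SECRET", {"SAFE_SECRET": "from-env"}))
```

Run against the sample, the scanner reports lines 5 to 8 (the config subscript, the module constant, the keyword argument and the environment fallback) and stays quiet on `SAFE_SECRET`, which is read from the environment with no literal anywhere in the code, and on `timeout`, whose name does not look like a credential. Matching on identifier names is deliberately simple: it misses a key stored in a variable called `x` and will flag benign names such as `TOKEN_TTL`, which is why production scanners combine name patterns with known key-prefix signatures and string-entropy checks.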