Recipe Name:
Hardcoded Credentials: AWS Key
Description:
AWS credentials should not be hardcoded.
Level:
warning
Language:
- java
Tags:
- security
- framework specific
- AWS
Documentation
Hardcoded credentials pose a security risk. Because credentials are frequently reused, a hacker with access to a repository that contains hardcoded credentials could use them to compromise other systems or applications. Another possible scenario is that the code ends up being published, making the credentials available to anyone.
One way of safeguarding your AWS Session Credentials is to store them in environment variables. This limits the risk of exposure to a certain degree.
Any strings starting with AKIA_ indicate an AWS key and thus are marked by this recipe.
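The flagged pattern next to the environment-variable alternative described above, as an added example that is not part of the recipe or its cookbook. The class and method names are hypothetical, the key literal is a constructed placeholder, and the code assumes Java 16+ (records) and the standard AWS variable names AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN.

```java
import java.util.Map;
import java.util.Optional;

public final class AwsCredentialSource {

    // BEFORE: a string literal containing "AKIA_" is what the recipe marks.
    // Constructed placeholder value, not a real key.
    static final String HARDCODED_KEY_ID = "AKIA_EXAMPLE_PLACEHOLDER";

    /** Immutable holder; toString() is overridden so values never reach logs. */
    record SessionCredentials(String accessKeyId,
                              String secretAccessKey,
                              Optional<String> sessionToken) {
        @Override
        public String toString() {
            return "SessionCredentials[redacted]";
        }
    }

    // AFTER: credentials are supplied by the process environment, so no
    // secret is stored in the source file or in the repository history.
    static SessionCredentials fromEnvironment(Map<String, String> env) {
        String id = require(env, "AWS_ACCESS_KEY_ID");
        String secret = require(env, "AWS_SECRET_ACCESS_KEY");
        // The session token is only present for temporary credentials.
        Optional<String> token = Optional.ofNullable(env.get("AWS_SESSION_TOKEN"))
                                         .filter(s -> !s.isBlank());
        return new SessionCredentials(id, secret, token);
    }

    // Fail closed: report the missing variable by name, never echo a value.
    private static String require(Map<String, String> env, String name) {
        String value = env.get(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        try {
            SessionCredentials creds = fromEnvironment(System.getenv());
            System.out.println("Loaded " + creds);
        } catch (IllegalStateException e) {
            System.err.println(e.getMessage());
            System.exit(1);
        }
    }
}
```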
Recipe
id: scw:aws:credentials-akia
version: 10
metadata:
  name: 'Hardcoded Credentials: AWS Key'
  shortDescription: AWS credentials should not be hardcoded.
  level: warning
  language: java
  scwCategory: insecure_data_storage:plaintext_storage_of_credentials
  enabled: true
  descriptionFile: descriptions/Hardcoded_Credentials__AWS_Key.html
  tags: security;framework specific;AWS
search:
  literal:
    value:
      contains: AKIA_
availableFixes: []