Sensei Logo Sensei Hub

Recipe - Hardcoded Credentials: AWS Key

Description:
AWS credentials should not be hardcoded.
Level:
warning
Language:
  • java
Tags:
  • security
  • framework specific
  • AWS
Documentation

Hardcoded credentials pose a security risk. As credentials are frequently reused, a hacker, with access to the repository with hardcoded credentials, could use this information to compromise other systems/applications. Another possible scenario is that the code could end up being published, making the credentials publicly available to anyone.

A possible way of safeguarding your AWS Session Credentials could be to store them in environment variables. This will limit the risk of exposure to a certain degree.

Any strings starting with AKIA_ indicate an AWS key and thus are marked by this recipe.

Resources
Recipe
id: scw:aws:credentials-akia
version: 10
metadata:
  name: 'Hardcoded Credentials: AWS Key'
  shortDescription: AWS credentials should not be hardcoded.
  level: warning
  language: java
  scwCategory: insecure_data_storage:plaintext_storage_of_credentials
  enabled: true
  descriptionFile: descriptions/Hardcoded_Credentials__AWS_Key.html
  tags: security;framework specific;AWS
search:
  literal:
    value:
      contains: AKIA_
availableFixes: []