Secret should not be hardcoded in code


ID: java-security/hardcoded-crypto-key

Language: Java

Severity: Error

Category: Security


Sensitive information should not be written in cleartext in code. A secret embedded in source is exposed to anyone who can read the repository, its history, or the compiled artifact. Instead of writing secrets directly into the code, store them in a secure vault or in environment variables and read them at runtime. Make sure you also rotate secrets periodically.


Non-Compliant Code Examples

import javax.crypto.spec.SecretKeySpec;
public class Foo {
    void bad() {
        SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES"); // key material is a string literal in the source
    }
}

Compliant Code Examples

import javax.crypto.spec.SecretKeySpec;
public class Foo {
    void good() {
        // Properties.getKey() stands for an application helper that fetches the key bytes from a vault or environment variable at runtime
        SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
    }
}
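As an added example that is not part of this rule page, the following helper shows one way to implement the compliant pattern: the AES key is read from an environment variable at runtime and the process fails closed when it is absent or malformed. The variable name APP_AES_KEY and the base64 encoding of the raw key bytes are assumptions.

```java
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/** Sources an AES key from the environment instead of from a string literal in the code. */
public final class EnvKeyLoader {
    private EnvKeyLoader() {}

    /** Assumed layout: the environment variable holds the raw key bytes, base64-encoded. */
    public static SecretKey loadAesKey(String envVar) {
        String encoded = System.getenv(envVar);
        if (encoded == null || encoded.isBlank()) {
            // Fail closed: a missing secret must never fall back to a built-in default value.
            throw new IllegalStateException("Missing required secret: " + envVar);
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(encoded.trim());
        } catch (IllegalArgumentException e) {
            throw new IllegalStateException(envVar + " is not valid base64", e);
        }
        // AES accepts only 128-, 192- or 256-bit keys; any other length is a misconfiguration.
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            Arrays.fill(raw, (byte) 0);
            throw new IllegalStateException(envVar + " must decode to 16, 24 or 32 bytes");
        }
        SecretKeySpec key = new SecretKeySpec(raw, "AES"); // SecretKeySpec keeps its own copy
        Arrays.fill(raw, (byte) 0);                         // wipe the decoded buffer
        return key;
    }

    public static void main(String[] args) {
        // Example shell setup before running: export APP_AES_KEY="$(openssl rand -base64 32)"
        SecretKey key = loadAesKey("APP_AES_KEY");
        System.out.println("Loaded AES key of " + key.getEncoded().length * 8 + " bits");
    }
}
```

Rotating the key then means publishing a new value of the variable (or vault entry) and restarting or reloading the service, with no code change or redeploy of the source.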

