Description Description
Proprietary API keys, internal service tokens, or database credentials that use arbitrary formats
Common dev/test passwords like password123, admin, letmein, P@ssw0rd, or application-specific defaults.
Assigned to variables without "password/secret/key/token/auth" (e.g., cfg, conn, apiInit, dbCreds, serviceAccount, value)
Obfuscated or Constructed at Runtime
Formats Not Explicitly Called Out; OAuth, session, or custom JWT-like tokens that don't start with eyJ.
SSH keys or certificates without full contiguous blocks (split or commented)
Secrets in Comments, Tests, Docs, or History. Leftover in test fixtures, example code, migration scripts, or commented-out sections.
Vendor-Specific or Less Common Services like snmp public strings, tokens from Azure, GCP, etc.
What AI Coding Tool are you Using?
Claude Code
AI Model Used
Any
The feedback pertains to which aspect of the project?
Rule definition
Reactions are currently unavailable
You can’t perform that action at this time.
Description
What AI Coding Tool are you Using?
Claude Code
AI Model Used
Any
The feedback pertains to which aspect of the project?
Rule definition