Secrets

Made by DeepSource

Hardcoded Adobe client ID/secret in source code SCT-1012

Secrets
Critical

Hardcoding an Adobe client ID and secret in source code can cause severe security issues: a leaked pair can give unauthorized access to Adobe resources, which can result in a data breach and in financial loss from unauthorized use of those resources. If a client ID/secret has been leaked, you can invalidate the client ID/secret pair to mitigate the vulnerability.

It is recommended to store the client ID and secret in environment variables. This ensures that they are not hardcoded in the source code and are kept separate from the codebase. Environment variables also make the client ID and secret easier to manage, because they can be updated without modifying the source code. Additionally, it is recommended to restrict access to the client ID and secret to only those who need it, by using IAM roles and permissions.

Bad practice

import adobe_analytics

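# Credentials embedded as string literals: anyone who can read the
# repository or its history can recover them.
client_id = 'my_client_id'
client_secret = 'my_client_secret'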

analytics = adobe_analytics.Analytics(
    client_id=client_id,
    client_secret=client_secret
)

Recommended

import adobe_analytics
import os

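# Read the credentials from the process environment at runtime.
# os.getenv returns None when a variable is unset.
client_id = os.getenv('ADOBE_CLIENT_ID')
client_secret = os.getenv('ADOBE_CLIENT_SECRET')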

analytics = adobe_analytics.Analytics(
    client_id=client_id,
    client_secret=client_secret
)
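
An added example, not DeepSource's analyzer code and not part of the original page: a small static check in the spirit of this rule that parses Python source and reports where client_id or client_secret is bound to a string literal. The name list and the sample strings are assumptions made for the illustration.

```python
import ast

# Names treated as sensitive in this sketch (an assumption, not DeepSource's rule).
SENSITIVE_NAMES = {"client_id", "client_secret"}


def find_hardcoded_credentials(source):
    """Return sorted (line, name) pairs where a sensitive name gets a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):  # client_secret = '...'
            pairs = [(t.id, node.value) for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.AnnAssign) and isinstance(node.target, ast.Name):
            pairs = [(node.target.id, node.value)]  # client_secret: str = '...'
        elif isinstance(node, ast.Call):  # Analytics(client_secret='...')
            pairs = [(kw.arg, kw.value) for kw in node.keywords if kw.arg]
        else:
            continue
        for name, value in pairs:
            literal = isinstance(value, ast.Constant) and isinstance(value.value, str)
            if name.lower() in SENSITIVE_NAMES and literal and value.value:
                findings.append((value.lineno, name))
    return sorted(findings)


# Constructed samples: the page's two snippets plus an inline-keyword variant.
BAD_SAMPLE = """import adobe_analytics

client_id = 'my_client_id'
client_secret = 'my_client_secret'

analytics = adobe_analytics.Analytics(
    client_id=client_id,
    client_secret=client_secret
)
"""
GOOD_SAMPLE = """import os

client_id = os.getenv('ADOBE_CLIENT_ID')
client_secret = os.getenv('ADOBE_CLIENT_SECRET')
"""
INLINE_SAMPLE = "analytics = adobe_analytics.Analytics(client_id='abc', client_secret='xyz')\n"

if __name__ == "__main__":
    for label, sample in [("bad", BAD_SAMPLE), ("good", GOOD_SAMPLE), ("inline", INLINE_SAMPLE)]:
        print(label, find_hardcoded_credentials(sample))
```

Values read through os.getenv are call expressions rather than literals, so the recommended form produces no findings.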
