Secrets

Made by DeepSource

Hardcoded Datadog access token in source code SCT-1014

Secrets
Critical

Leaking a Datadog access token in source code creates security risks such as unauthorized access to monitoring data, which can result in data breaches and financial loss. If an access token has been leaked, revoke your access tokens to mitigate the vulnerability.

It is recommended to use environment variables to store the access token. This ensures that the token is not hardcoded in the source code and is kept separate from the codebase. Using environment variables also makes it easier to manage the token as it can be updated without modifying the source code. Additionally, it is recommended that access is restricted to only those who need it, by using the Datadog role-based access control (RBAC) mechanism.

Bad practice

import datadog

# Keys written as string literals are committed to version control with the code
options = {
    'api_key': 'YOUR_API_KEY',
    'app_key': 'YOUR_APP_KEY'
}

datadog.initialize(**options)

Recommended

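import datadog
import os

# Read both keys from the environment at startup;
# os.getenv returns None when a variable is unset
options = {
    'api_key': os.getenv('DATADOG_API_KEY'),
    'app_key': os.getenv('DATADOG_APP_KEY')
}

datadog.initialize(**options)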
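
A check for the pattern shown under Bad practice, written here as an added example (it is not DeepSource's implementation of SCT-1014 and not code from the original page). It parses Python source and reports every place where `api_key` or `app_key` is set to a string literal, either in a dict or as a keyword argument; the function name and the sample sources are hypothetical and constructed for illustration.

```python
import ast

# Option names taken from the datadog.initialize() calls on this page.
CREDENTIAL_NAMES = {"api_key", "app_key"}


def _is_literal_secret(node):
    """True when the value is a non-empty string literal, not a runtime lookup."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, str)
            and node.value != "")


def find_hardcoded_datadog_keys(source):
    """Return sorted (line, name) pairs where api_key/app_key is a string literal."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Dict):
            # options = {'api_key': '...'} that is later passed as **options
            for key, value in zip(node.keys, node.values):
                if (isinstance(key, ast.Constant)
                        and key.value in CREDENTIAL_NAMES
                        and _is_literal_secret(value)):
                    findings.add((value.lineno, key.value))
        elif isinstance(node, ast.Call):
            # initialize(api_key='...') or dict(api_key='...')
            for kw in node.keywords:
                if kw.arg in CREDENTIAL_NAMES and _is_literal_secret(kw.value):
                    findings.add((kw.value.lineno, kw.arg))
    return sorted(findings)


# Constructed samples; the key values are placeholders, not real tokens.
BAD_SAMPLE = """import datadog
options = {
    'api_key': 'CONSTRUCTED_PLACEHOLDER_API_KEY',
    'app_key': 'CONSTRUCTED_PLACEHOLDER_APP_KEY'
}
datadog.initialize(**options)
"""
GOOD_SAMPLE = """import datadog, os
options = {'api_key': os.getenv('DATADOG_API_KEY'),
           'app_key': os.getenv('DATADOG_APP_KEY')}
datadog.initialize(**options)
"""
MIXED_SAMPLE = "datadog.initialize(api_key='PLACEHOLDER', app_key=os.getenv('DATADOG_APP_KEY'))\n"

if __name__ == "__main__":
    for line, name in find_hardcoded_datadog_keys(BAD_SAMPLE):
        print(f"line {line}: {name} is a hardcoded string literal")
```

A literal passed as the default argument of `os.getenv` is not covered by this check.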