# Secrets beta

Hardcoding credentials in code is never a good idea. If the source code falls into the hands of a malicious entity (and it happens more often than we'd like to acknowledge), they can use secrets from the source code to gain access to systems.

This section covers configuration specific to the Secrets analyzer. Please make sure to read the general configuration guide first.

# Configuration - .deepsource.toml

# name

name = "secrets"

# enabled

enabled = true

TIP

The Secrets analyzer only detects hardcoded secrets in non-test files. To specify a certain pattern of files as test files, add them in the test patterns, as shown in the example below.

# Sample config

version = 1

test_patterns = [
  "test/**",
  "test_e2e/**"
]

exclude_patterns = [
  "**/examples/**"
]

[[analyzers]]
name = "secrets"
enabled = true
Last Updated: 4/17/2021, 6:00:13 AM