Remove any “credentials” or “access keys” from compiled source code.
How it works
Credentials or secrets in compiled code can lead to compromise of target services. Credentials in code must be detected and eliminated promptly.
Apart from being eliminated, credentials must also be disabled once they have made their way into git/version control history.
Credentials must always be accessed via a secret manager and never held in persistent memory in unencrypted form.
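One way to do the detection step described above, shown as an added example that is not part of the original entry: a small scanner that flags quoted literals assigned to credential-like names. The name keywords, the placeholder list, the entropy threshold and the sample source are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Quoted literal assigned to a credential-like name (keyword list is an assumption).
ASSIGNMENT = re.compile(
    r"""(?ix)
    \b(?P<name>[a-z0-9_]*(?:password|passwd|secret|token|api_?key|access_?key)[a-z0-9_]*)
    \s*[:=]\s*
    (?P<quote>["'])(?P<value>[^"']{8,})(?P=quote)
    """
)
# Values that are obviously placeholders, not live secrets (assumed list).
PLACEHOLDER = re.compile(r"(?i)^(changeme|example|placeholder|your[_-].*|x+|\*+|<.*>|\$\{.*\})$")

def shannon_entropy(value: str) -> float:
    """Bits per character; random keys score high, words and repeats score low."""
    total = len(value)
    return -sum((n / total) * math.log2(n / total) for n in Counter(value).values())

def scan_source(text: str, min_entropy: float = 3.0):
    """Return (line number, variable name, redacted value) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ASSIGNMENT.finditer(line):
            value = m.group("value")
            # Skip placeholders and low-entropy strings to limit false positives.
            if PLACEHOLDER.match(value) or shannon_entropy(value) < min_entropy:
                continue
            # Never echo the full secret into scan output or CI logs.
            findings.append((lineno, m.group("name"), value[:2] + "*" * (len(value) - 2)))
    return findings

# Constructed sample source; the "secrets" are made-up strings.
SAMPLE = '''\
import os
DB_PASSWORD = "q7Lr9zPw2XvT4mKd"
API_KEY = os.environ["API_KEY"]
service_token = 'changeme'
access_key = "Zx81kQp0Wn3LmB7yTr5D"
greeting = "hello world, this is not a secret"
'''

if __name__ == "__main__":
    for lineno, name, redacted in scan_source(SAMPLE):
        print(f"line {lineno}: {name} = {redacted}")
```

The value read from the environment on line 3 of the sample is not flagged, since no literal is embedded in the source. Anything the scanner does flag still has to be disabled at the issuing service, because removing it from the file does not remove it from version control history.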
Considerations
While configuring a credential manager, it is important to handle role access and credential keys correctly, so that unauthorized entities cannot access stored credentials.
Eliminate Credentials In Code
Contributed By:
Aashiq Ramachandran, Cyware Labs
MITRE D3FEND Tactic:
Harden