Credential Scrubbing
Definition
The systematic removal of hard-coded credentials from source code to prevent accidental exposure and unauthorized access.
How it Works
Credential Scrubbing is the practice of finding hard-coded credentials (usernames, passwords, API keys, tokens, private keys) in source code and its repositories and removing them, so that a copy of the code never carries a usable secret. The scrubbed code then obtains each credential at runtime by name, from an environment variable, a secrets-management service, or a vault, rather than containing its value. Detection is normally done with pattern-based secret scanners run over both the working tree and the commit history, and wired into pre-commit hooks and CI so that newly hard-coded credentials are rejected before they are merged.
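The two halves of the technique, detection and replacement, as an added example that is not part of the D3FEND article or the OWASP cheat sheet. The scanner below uses a handful of patterns (the documented prefixes of AWS access key IDs and GitHub classic tokens, plus a generic credential-looking assignment with an entropy filter to skip placeholders) and then rewrites simple `NAME = "literal"` lines to `os.environ[...]` lookups; the sample source text is constructed, and the AKIA value is the example key from AWS documentation, not a real credential.

```python
# Added example (not from the D3FEND article): scan source text for hard-coded
# credentials and rewrite simple literal assignments to environment lookups.
from __future__ import annotations

import math
import os
import re
from collections import Counter
from dataclasses import dataclass

# Most specific first; one finding per line. AKIA and ghp_ are the documented
# prefixes of AWS access key IDs and GitHub classic PATs; the last pattern
# catches NAME = "literal" where NAME looks credential-related.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "assigned_secret": re.compile(
        r"(?i)\b(\w*(?:password|passwd|pwd|secret|api[_-]?key|token)\w*)"
        r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
# Plain NAME = "literal" assignment, the only form scrub_source rewrites.
ASSIGN = re.compile(r"^(\s*)([A-Za-z_]\w*)\s*=\s*['\"][^'\"]+['\"]\s*$")

@dataclass
class Finding:
    line_no: int
    kind: str
    snippet: str

def shannon_entropy(s: str) -> float:
    """Bits per character; low values mean placeholders such as "changeme"."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_source(text: str, entropy_threshold: float = 3.0) -> list[Finding]:
    """One Finding per line that appears to contain a hard-coded credential."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m is None:
                continue
            if kind == "assigned_secret":
                value = m.group(2)
                # Templated values and low-entropy placeholders are not secrets.
                if value.startswith("${") or shannon_entropy(value) < entropy_threshold:
                    continue
            findings.append(Finding(line_no, kind, m.group(0)))
            break
    return findings

def scrub_source(text: str) -> tuple[str, list[str]]:
    """Rewrite flagged NAME = "literal" lines to read NAME from the environment.

    Returns the new source plus the variable names the secret store must now
    provide. Flagged lines in any other shape are left for manual review.
    """
    flagged = {f.line_no for f in scan_source(text)}
    out: list[str] = []
    env_names: list[str] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN.match(line) if line_no in flagged else None
        if m is None:
            out.append(line)
            continue
        indent, name = m.group(1), m.group(2)
        out.append(f'{indent}{name} = os.environ["{name.upper()}"]')
        env_names.append(name.upper())
    return "\n".join(out) + "\n", env_names

def load_secret(name: str) -> str:
    """Runtime side of the fix: fail closed if the secret was never provisioned."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"required secret {name} is not set")
    return value

# Constructed sample; the AKIA value is the example key from AWS documentation.
SAMPLE_SOURCE = """\
import os
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
DB_PASSWORD = "s3cr3t-Pa55w0rd!"
api_key = os.environ["API_KEY"]
token = "${GITHUB_TOKEN}"
password = "password"
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no} [{f.kind}]: {f.snippet}")
    scrubbed, names = scrub_source(SAMPLE_SOURCE)
    print(scrubbed, "provision in the secret store:", names)
```

Run as a script it reports lines 2, 3 and 4 of the sample, leaves the `os.environ` lookup, the `${...}` template and the `"password"` placeholder alone, and emits a scrubbed copy in which a rescan finds nothing. Two design points carry over to real tooling: the entropy filter trades a few missed weak passwords for far fewer false positives on placeholders, and `load_secret` refuses to start with a missing secret instead of silently falling back to an empty string. Production scanners such as gitleaks or trufflehog use much larger pattern sets and walk the full git history, which this in-memory example does not.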
Considerations
- Audit source code for hard-coded credentials regularly and automatically; a secret scanner in pre-commit hooks and CI catches them before they reach the shared repository.
- A credential that has ever been committed remains in version-control history after it is deleted from the current revision, so it must be treated as compromised: revoke it, issue a replacement, and update its consumers promptly. Rewriting history is a secondary cleanup, not a substitute for revocation.
- Pair scrubbing with role-based access control and regular credential rotation, so that any secret that does leak is narrowly scoped and short-lived.
References
The following references were used to develop the Credential Scrubbing knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Secrets Management Cheat Sheet. Author: OWASP. Reference Type: Internet Article.
D3FEND™
A knowledge graph of cybersecurity countermeasures