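Credentials that are stored in clear text in memory or written to log files can be intercepted by a malicious actor. Log files are typically retained, copied, and readable by more people and systems than the running application, so a secret written to a log should be treated as exposed.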
/**
 * Noncompliant example: writes the AWS secret access key into the application log.
 *
 * <p>The credentials are resolved through {@code DefaultAWSCredentialsProviderChain} and the
 * secret key is concatenated into an error-level log message, so whoever can read the log
 * output can also read the secret.
 */
public void logCredentialsNoncompliant() {
    final String nonSensitiveValue = "some public data";
    final AWSCredentials resolved = new DefaultAWSCredentialsProviderChain().getCredentials();
    // Noncompliant: secret access key is logged. The key leaves the process and lands in
    // every sink the logger writes to; a key that has been logged should be rotated.
    final String message =
            "somePublicData: " + nonSensitiveValue + " key: " + resolved.getAWSSecretKey();
    log.error(message);
}
/**
 * Compliant example: logs only the non-sensitive value.
 *
 * <p>The credentials are still resolved through {@code DefaultAWSCredentialsProviderChain},
 * but no part of them is placed in the error-level log message.
 */
public void logCredentialsCompliant() {
    final AWSCredentials resolved = new DefaultAWSCredentialsProviderChain().getCredentials();
    final String nonSensitiveValue = "some public data";
    // Compliant: secret access key is not logged; the message carries public data only.
    final String message = "somePublicData: " + nonSensitiveValue;
    log.error(message);
}