Access credentials, such as passwords and access keys, should not be hardcoded in source code. A hardcoded credential can leak even after it has been removed, because version control systems may retain older versions of the code. Credentials should be stored securely and obtained from the runtime environment.
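def create_session_noncompliant():
    """Create a boto3 session from a secret key embedded in the source.

    This is the pattern the detector flags: the literal below is a
    credential written directly into code, so it is shared with anyone
    who can read the repository, persists in version-control history after
    it is edited out, and can only be rotated by shipping new code.

    Returns:
        The ``boto3.session.Session`` built with the embedded secret key.
        (The original discarded the session; returning it lets callers
        actually use the object the function is named for.)
    """
    import boto3

    # Noncompliant: hardcoded secret access key. The value is a placeholder
    # kept from the example; a real key here would be a live credential leak.
    embedded_secret = "AjWnyxxxxx45xxxxZxxxX7ZQxxxxYxxx1xYxxxxx"
    return boto3.session.Session(aws_secret_access_key=embedded_secret)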
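def create_session_compliant():
    """Create a boto3 session whose secret key comes from the environment.

    The credential is read from ``AWS_SECRET_ACCESS_KEY`` at runtime, so it
    never appears in the source tree or its history and can be rotated
    without a code change.

    Returns:
        The ``boto3.session.Session`` built with the environment-provided
        secret key.

    Raises:
        RuntimeError: if ``AWS_SECRET_ACCESS_KEY`` is unset or empty. The
            original used ``os.environ.get`` and passed ``None`` through,
            which silently lets the session fall back to whatever other
            credentials are available; failing fast surfaces the
            misconfiguration at the point it can be diagnosed.
    """
    import os

    # Compliant: the secret comes from the runtime environment, not source.
    secret_key = os.environ.get("AWS_SECRET_ACCESS_KEY")
    if not secret_key:
        raise RuntimeError(
            "AWS_SECRET_ACCESS_KEY is not set in the environment"
        )

    # Imported after the check so a missing credential is reported even
    # when boto3 itself is not installed.
    import boto3

    return boto3.session.Session(aws_secret_access_key=secret_key)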