Secrets

Made by DeepSource

Hardcoded Adafruit API key in source code SCT-1011

Secrets
Critical

An Adafruit IO API key hardcoded in source code is readable by anyone with access to the repository, including its history, and grants them the same access to Adafruit IO resources as the account owner. This can result in a data breach and in financial loss from unauthorized use of Adafruit IO resources.

If an API key has been leaked, regenerate it so the exposed key stops working. Deleting the key from the current version of the code is not sufficient, because it remains in version control history.

Store the API key in an environment variable instead. This keeps the key out of the source code and separate from the codebase, and it can be rotated without modifying or redeploying the code.

Bad practice

import requests

# The key is a string literal in the source file: it is committed to version control
# and exposed to everyone who can read the repository.
ADAFRUIT_API_KEY = "0123456789abcdef0123456789abcdef01234567"

response = requests.get(
    'https://io.adafruit.com/api/v2/feeds/myfeed/data',
    headers={'X-AIO-Key': ADAFRUIT_API_KEY}
)

Recommended

import os
import requests

# Read the key from the environment and fail fast if it is missing, rather than
# sending a request whose X-AIO-Key header is None (requests rejects non-string header values).
ADAFRUIT_API_KEY = os.getenv('ADAFRUIT_API_KEY')
if not ADAFRUIT_API_KEY:
    raise RuntimeError('ADAFRUIT_API_KEY environment variable is not set')

response = requests.get(
    'https://io.adafruit.com/api/v2/feeds/myfeed/data',
    headers={'X-AIO-Key': ADAFRUIT_API_KEY}
)
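As an added example (not DeepSource's own detector), the check below scans Python source for an Adafruit IO key that appears as a string literal, either assigned to an Adafruit-named variable or placed directly in the X-AIO-Key header, and stays silent when the key comes from os.getenv. The key shape it looks for, a run of 32 or more hex characters, is an assumption taken from the key on this page rather than Adafruit's documented key format.

```python
import re

# Assumed key shape (from the sample key on this page): 32+ hex characters.
HEX_KEY = r"[0-9a-fA-F]{32,}"

# A literal assigned to a variable whose name marks it as an Adafruit/AIO key ...
ASSIGNMENT = re.compile(
    r"(?P<name>\w*(?:ADAFRUIT|AIO)\w*)\s*=\s*['\"](?P<key>" + HEX_KEY + r")['\"]",
    re.IGNORECASE,
)
# ... or a literal passed straight into the X-AIO-Key request header.
HEADER = re.compile(
    r"['\"]X-AIO-Key['\"]\s*:\s*['\"](?P<key>" + HEX_KEY + r")['\"]",
    re.IGNORECASE,
)


def redact(key: str) -> str:
    """Keep a short prefix so a finding can be traced without re-leaking the key."""
    return key[:4] + "..." + "*" * (len(key) - 4)


def find_hardcoded_aio_keys(source: str) -> list[tuple[int, str]]:
    """Return (line_number, redacted_key) for every hardcoded Adafruit IO key."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for pattern in (ASSIGNMENT, HEADER):
            match = pattern.search(line)
            if match:
                findings.append((lineno, redact(match.group("key"))))
                break  # one finding per line is enough
    return findings


# Constructed samples: the "Bad practice" snippet from this page and its fixed form.
BAD = (
    "import requests\n\n"
    'ADAFRUIT_API_KEY = "0123456789abcdef0123456789abcdef01234567"\n\n'
    "response = requests.get(\n"
    "    'https://io.adafruit.com/api/v2/feeds/myfeed/data',\n"
    "    headers={'X-AIO-Key': ADAFRUIT_API_KEY}\n)\n"
)
GOOD = BAD.replace(
    'ADAFRUIT_API_KEY = "0123456789abcdef0123456789abcdef01234567"',
    "ADAFRUIT_API_KEY = os.getenv('ADAFRUIT_API_KEY')",
)

if __name__ == "__main__":
    for label, src in (("bad", BAD), ("recommended", GOOD)):
        print(label, find_hardcoded_aio_keys(src))
```

The scanner reports the line number and a redacted prefix only, so its own output does not become a second copy of the secret in CI logs.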