Made by DeepSource

Hardcoded DigitalOcean token in source code SCT-1015

Secrets
Critical

Leaking a DigitalOcean token in source code is a critical issue: anyone who obtains the token can call the DigitalOcean API with that token's permissions, which can lead to a data breach (reading or destroying Droplets, Spaces, databases) or financial loss (creating resources billed to your account). DigitalOcean issues three kinds of API tokens: Personal Access Tokens (PATs), OAuth access tokens, and OAuth refresh tokens. If a token has been committed, treat it as compromised: revoke it through your DigitalOcean account settings and issue a new one. Deleting the literal from the current revision is not enough, because it remains in the repository history and in any clones or CI logs that already captured it.

It is recommended to read the token from an environment variable at runtime. This keeps the token out of the source code and out of version control, and lets you rotate it without changing or redeploying code. Two caveats apply: never commit the file that populates the variable (for example a .env file), and have the application fail loudly when the variable is missing, since a silently empty token produces a confusing "401 Unauthorized" far from the real cause. In production, prefer to have a secrets manager inject the variable rather than storing it in plain-text configuration.

Bad practice

import requests

# The token literal is committed to source; this is what SCT-1015 flags.
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_DIGITALOCEAN_API_TOKEN'
}

response = requests.get('https://api.digitalocean.com/v2/droplets', headers=headers)

Recommended

import os
import requests

# Read the token from the environment. os.environ[...] raises KeyError if the
# variable is unset, instead of silently sending "Bearer None" as os.getenv would.
token = os.environ['DIGITALOCEAN_API_TOKEN']

headers = {
    'Content-Type': 'application/json',
    'Authorization': f'Bearer {token}'
}

response = requests.get('https://api.digitalocean.com/v2/droplets', headers=headers)
response.raise_for_status()
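The following is an added example, not code from this page or from DeepSource. It shows the two practical halves of the advice above in one script: a fail-fast token loader that replaces the bare os.getenv() call, and a small scanner that finds hardcoded DigitalOcean token literals in source text and reports them redacted. The regular expression assumes DigitalOcean's prefixed token formats (dop_v1_, doo_v1_, dor_v1_ followed by 64 hex characters), which this page does not describe; the sample source text and the fake token in it are constructed for the example.

```python
"""Fail-fast token loading and a scanner for hardcoded DigitalOcean tokens.

Added example; assumes DigitalOcean's prefixed token formats (see TOKEN_RE).
"""
import os
import re
from typing import List, Mapping, Optional, Tuple

# Assumed token shapes (not stated on the page this accompanies): DigitalOcean's
# prefixed formats are "dop_v1_" (Personal Access Token), "doo_v1_" (OAuth access
# token) and "dor_v1_" (OAuth refresh token), each followed by 64 hex characters.
TOKEN_RE = re.compile(r"\b(do[opr]_v1_[0-9a-f]{64})\b")

# Variable name used by this page's "Recommended" snippet.
ENV_VAR = "DIGITALOCEAN_API_TOKEN"


def load_token(environ: Optional[Mapping[str, str]] = None) -> str:
    """Return the API token from the environment, failing loudly if it is missing.

    os.getenv() would return None and the request would carry "Bearer None";
    raising here surfaces a misconfigured deployment at startup instead.
    """
    env = os.environ if environ is None else environ
    token = env.get(ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{ENV_VAR} is not set; refusing to start")
    return token


def redact(token: str) -> str:
    """Keep only the type prefix and the last four characters for log-safe output."""
    return token[:7] + "..." + token[-4:]


def find_hardcoded_tokens(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, redacted_token) for each token literal found in source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            findings.append((lineno, redact(match.group(1))))
    return findings


# Constructed sample input: a fake PAT made of repeating hex digits (not a real
# token) embedded in a snippet that mirrors the page's bad-practice example,
# alongside a line that correctly reads the token from the environment.
FAKE_PAT = "dop_v1_" + "0123456789abcdef" * 4
SAMPLE_SOURCE = (
    "import requests\n"
    "\n"
    "headers = {'Authorization': 'Bearer " + FAKE_PAT + "'}\n"
    "safe = {'Authorization': f\"Bearer {os.environ['DIGITALOCEAN_API_TOKEN']}\"}\n"
)


if __name__ == "__main__":
    for lineno, shown in find_hardcoded_tokens(SAMPLE_SOURCE):
        print(f"line {lineno}: hardcoded DigitalOcean token {shown}")
    try:
        load_token({})
    except RuntimeError as exc:
        print(f"startup check: {exc}")
```

Run the script as-is to see the scanner flag only the line with the literal (the line that reads the variable from the environment is not reported), and to see the loader refuse to start when the variable is absent. The redaction keeps enough of the token to identify its type and match it against the revocation list without copying the secret into logs or ticket systems.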