Made by DeepSource

Hardcoded Databricks API token in source code SCT-1045

Secrets
Critical

Hardcoding a Databricks API token in source code is a critical exposure: anyone who can read the repository, its history, its forks, or the CI logs and build artifacts derived from it can use the token to access Databricks workspaces and the clusters, jobs and data behind them, which can lead to a data breach and to financial loss from unauthorized use of Databricks compute. Because workspaces are commonly connected to cloud storage, data warehouses and other services, a leaked token can also serve as a stepping stone to those resources. If a token has been committed, treat it as compromised: revoke it immediately and issue a new one. Deleting the line from the code is not enough, because the value remains in version-control history.

It is recommended to keep the token out of the codebase and read it from an environment variable at runtime, populated at deploy time from a secrets manager or the CI system's secret store. This keeps the token separate from the source and makes rotation simpler, since it can be changed without modifying or redeploying code. Files that populate those variables (such as a local .env file) should be excluded from version control, and the code should fail clearly when the variable is missing rather than silently sending an empty token.
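The following added example (not part of the DeepSource rule page) shows both halves of the recommendation above in working code: a loader that reads the token from the environment and fails fast when it is absent, and the check a pre-commit hook or CI job would run over a diff to catch a token literal before it is committed. It uses only the standard library so it runs offline. The regular expression for a Databricks personal access token ("dapi" followed by 32 hex characters, optionally a "-<digits>" suffix) is an assumption used as a heuristic here, and the token value in the sample source is constructed, not real.

```python
import os
import re
from typing import Mapping

# Assumed token shape for this example: Databricks personal access tokens
# start with "dapi" followed by 32 hex characters; newer ones may carry a
# "-<digits>" suffix. Treat this as a heuristic, not a specification.
DATABRICKS_TOKEN_RE = re.compile(r"\bdapi[0-9a-f]{32}(?:-\d+)?\b")

ENV_VAR = "DATABRICKS_API_TOKEN"


def load_databricks_token(environ: Mapping[str, str] = os.environ) -> str:
    """Read the token from the environment and fail fast if it is absent.

    os.getenv() silently returns None when the variable is unset, which would
    produce an "Authorization: Bearer None" header and a confusing 403 later.
    Raising here surfaces the misconfiguration at startup instead.
    """
    token = environ.get(ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{ENV_VAR} is not set; refusing to call Databricks without a token")
    return token


def auth_headers(token: str) -> dict:
    """Build the Authorization header the Databricks REST API expects."""
    return {"Authorization": f"Bearer {token}"}


def redact(token: str) -> str:
    """Keep only the prefix and last four characters so findings can be logged safely."""
    return f"{token[:6]}...{token[-4:]}"


def find_hardcoded_tokens(source: str) -> list:
    """Return (line_number, redacted_token) for each token literal in source text.

    This is the check a pre-commit hook or CI job would run over the diff; it
    mirrors what the rule flags, using the assumed regex above. Only the
    redacted form is returned so the finding itself does not leak the secret.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in DATABRICKS_TOKEN_RE.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


# Constructed sample: the "bad practice" snippet with a made-up token value.
SAMPLE_SOURCE = '''import requests

API_TOKEN = "dapi0123456789abcdef0123456789abcdef"

headers = {"Authorization": "Bearer {}".format(API_TOKEN)}
'''


if __name__ == "__main__":
    for lineno, tok in find_hardcoded_tokens(SAMPLE_SOURCE):
        print(f"hardcoded Databricks token at line {lineno}: {tok}")
    # Simulate a correctly configured environment without touching the real one.
    token = load_databricks_token({ENV_VAR: "dapi0123456789abcdef0123456789abcdef"})
    print(auth_headers(token))
```

The loader takes the environment mapping as a parameter so the failure path can be exercised in a test without unsetting real variables; in production it defaults to os.environ. The scanner only returns redacted values, so its output can go into CI logs without reproducing the leak it just found.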

Bad practice

import requests

# The token literal is committed to the repository and stays in its history,
# visible to anyone with read access to the code, its forks, or its CI logs.
API_TOKEN = "dapiXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

headers = {
    "Authorization": "Bearer {}".format(API_TOKEN)
}

response = requests.get('https://example.cloud.databricks.com/api/2.0/clusters/list', headers=headers)

Recommended

import os

import requests

# Read the token from the environment. os.environ[...] raises KeyError when
# the variable is unset, instead of silently sending "Bearer None" as
# os.getenv() would.
API_TOKEN = os.environ['DATABRICKS_API_TOKEN']

headers = {
    "Authorization": "Bearer {}".format(API_TOKEN)
}

response = requests.get(
    'https://example.cloud.databricks.com/api/2.0/clusters/list',
    headers=headers,
    timeout=30,
)
response.raise_for_status()