Sensitive Data: Django Secret Key Exposure¶

Identifier: django_secret_key

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

The Django settings.py file containing a secret key was discovered. An attacker may use the secret key to bypass many security mechanisms and potentially obtain other sensitive configuration information (such as database password) from the settings file.

Reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key

Configuration¶

Example¶

Example configuration:

---
security_tests:
  django_secret_key:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.