Skip to content

Sensitive Data: Django Secret Key Exposure¶

Identifier: django_secret_key

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

The Django settings.py file containing a secret key was discovered. An attacker may use the secret key to bypass many security mechanisms and potentially obtain other sensitive configuration information (such as database password) from the settings file.

Reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key

Configuration¶

Example¶

Example configuration:

---
security_tests:
  django_secret_key:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.