Sensitive Data: Django Secret Key Exposure
Identifier: django_secret_key
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Django settings.py files that contain the secret key can be discovered by attackers, who can then bypass security mechanisms and potentially obtain sensitive configuration information such as database passwords.
How we test: We test for exposed Django settings.py files by attempting to access configuration files and analyzing responses to detect if secret keys or other sensitive configuration information are exposed.
Reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key
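An added example (not the scanner's own detection logic): a Python check that parses a response body or repository file as Python source and reports a string-literal SECRET_KEY or database PASSWORD, the exposure described above. The function name and both sample settings are constructed for illustration.

```python
import ast

# Constructed sample: a settings.py with secrets written as literals.
EXPOSED = '''
import os
DEBUG = True
SECRET_KEY = "constructed-example-key-not-real-0123456789"
DATABASES = {"default": {"ENGINE": "django.db.backends.postgresql",
                         "NAME": "app", "PASSWORD": "constructed-db-pass"}}
'''

# Constructed sample: the same settings with secrets read from the environment.
HARDENED = '''
import os
SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
DATABASES = {"default": {"ENGINE": "django.db.backends.postgresql",
                         "NAME": "app", "PASSWORD": os.environ["DB_PASSWORD"]}}
'''

def _literal(node):
    """True when the AST node is a non-empty string literal."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value != ""

def find_hardcoded_secrets(body):
    """Return sorted findings such as 'SECRET_KEY' or 'DATABASES.default.PASSWORD'."""
    try:
        tree = ast.parse(body)
    except (SyntaxError, ValueError):
        return []  # not Python source, e.g. an HTML error page
    findings = set()
    for stmt in tree.body:
        if not isinstance(stmt, ast.Assign):
            continue
        names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
        if "SECRET_KEY" in names and _literal(stmt.value):
            findings.add("SECRET_KEY")
        if "DATABASES" in names and isinstance(stmt.value, ast.Dict):
            # Walk each database alias and look for a literal PASSWORD value.
            for alias, cfg in zip(stmt.value.keys, stmt.value.values):
                if not (isinstance(alias, ast.Constant) and isinstance(cfg, ast.Dict)):
                    continue
                for k, v in zip(cfg.keys, cfg.values):
                    if isinstance(k, ast.Constant) and k.value == "PASSWORD" and _literal(v):
                        findings.add(f"DATABASES.{alias.value}.PASSWORD")
    return sorted(findings)
```

The check only inspects top-level plain assignments, so settings built dynamically or split across modules need each module passed in separately.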
Configuration
Example
Example configuration:
Reference
skip
Type : boolean
Skip the test if true.