Description
Thanks for stopping by to let us know something could be better!
PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.
Please run down the following list and make sure you've tried the usual "quick fixes":
- Search the issues already opened: https://github.com/googleapis/google-auth-library-python/issues
Looked and didn't see an open or closed issue related to this finding.
If you are still having issues, please be sure to include as much information as possible:
Environment details
Environment is probably not relevant to this static code finding, but just in case:
- OS: Linux 5.4.241-160.348.amzn2int.x86_64
- Python version: 3.7.16
- pip version: 23.1.2
- google-auth version: 2.19.1
Steps to reproduce
- Notice that there are hard-coded secrets in a test suite, specifically AWS account access key ID, secret access key, and session token. Why are hard-coded secrets bad? https://maturitymodel.security.aws.dev/en/2.-foundational/dont-store-secrets-in-code/
- If this was production code we'd recommend using AWS Secrets Manager; here's a helpful guide: https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded.html.
- Since they are test only: replace with fictitious/mock values. AWS APIs suggest some examples, such as: https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html and https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html in this case.
- profit, or non-profit as appropriate
Making sure to follow these steps will guarantee the quickest resolution possible.
Thanks!
Welcome! Posting this issue for tracking, already have a pull request ready to resolve this finding. Thank you!
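
As an added example (not part of the original issue or the project's code), a small check of the kind that could run over a test suite to flag AWS-credential-shaped strings while accepting documentation placeholders. The `scan` and `is_placeholder` names, the sample text, and the rule that placeholders contain `EXAMPLE` are assumptions made for this illustration; session tokens are not covered.

```python
import re

# Access key IDs: long-term keys start with AKIA, temporary (STS) keys with ASIA.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Heuristic for a secret access key: a quoted 40-character base64-style string.
SECRET_RE = re.compile(r"""["']([A-Za-z0-9/+]{40})["']""")


def is_placeholder(value):
    # Assumption: mock values follow the AWS documentation convention of
    # embedding the word EXAMPLE (e.g. AKIAIOSFODNN7EXAMPLE).
    return "EXAMPLE" in value


def scan(text):
    """Return (line_number, kind, value) for each credential-shaped
    string that is not a documentation placeholder."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_ID_RE.finditer(line):
            if not is_placeholder(m.group(0)):
                findings.append((lineno, "access_key_id", m.group(0)))
        for m in SECRET_RE.finditer(line):
            if not is_placeholder(m.group(1)):
                findings.append((lineno, "secret_access_key", m.group(1)))
    return findings


# Constructed sample input: these values are made up for the example and
# are not taken from the repository's test suite.
SAMPLE = '''\
ACCESS_KEY_ID = "ASIACONSTRUCTEDKEY01"
SECRET_ACCESS_KEY = "c0nstructedSecretValue/NotARealKey+01234"
DOC_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DOC_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
'''

if __name__ == "__main__":
    for lineno, kind, value in scan(SAMPLE):
        # Print only a prefix so the report itself does not repeat the value.
        print(f"line {lineno}: {kind} {value[:4]}... is not a placeholder")
```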