---
title: No Hardcoded Secrets in Repo
impact: CRITICAL
impactDescription: prevents compromise of credentials
tags: security, secrets, python
---

## No Hardcoded Secrets in Repo

Never commit API keys, passwords, or tokens to version control.

**Incorrect:**
```python
# String literals committed here stay in the repository history and every clone
AWS_SECRET = "AKIA-SECRET-KEY-123"
db_pass = "admin123"
```

**Correct:**
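```python
import os

# Read the secret from the environment at runtime; .get() returns None when the
# variable is unset, so check the value before using it.
AWS_SECRET = os.environ.get("AWS_SECRET_KEY")
# Or use a secrets manager
```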
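
One way to enforce this rule in CI or a pre-commit hook, as an added example that is not part of the original rule: an `ast`-based check that flags string literals assigned to secret-looking names. The name pattern and the function name `find_hardcoded_secrets` are assumptions; it catches the pattern shown under **Incorrect**, not every form a leaked secret can take.

```python
import ast
import re

# Assumed heuristic: variable names that suggest a credential. Tune per code base;
# a substring match like "pass" will also hit unrelated names such as "compass".
SECRET_NAME = re.compile(r"(secret|pass|token|api_?key|credential)", re.I)


def find_hardcoded_secrets(source, filename="<string>"):
    """Return sorted (line, name) pairs where a secret-looking name gets a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        # Only non-empty string literals count. An os.environ lookup is a Call or
        # Subscript node, so the "Correct" form is never reported.
        if not (isinstance(value, ast.Constant)
                and isinstance(value.value, str) and value.value):
            continue
        for target in targets:
            # Plain names (db_pass) and attributes (self.api_key) are both checked.
            if isinstance(target, ast.Name):
                name = target.id
            else:
                name = getattr(target, "attr", None)
            if name and SECRET_NAME.search(name):
                findings.append((node.lineno, name))
    return sorted(findings)


# Constructed sample input: the two snippets from this rule.
INCORRECT = 'AWS_SECRET = "AKIA-SECRET-KEY-123"\ndb_pass = "admin123"\n'
CORRECT = 'import os\nAWS_SECRET = os.environ.get("AWS_SECRET_KEY")\n'

if __name__ == "__main__":
    for line, name in find_hardcoded_secrets(INCORRECT, "incorrect.py"):
        print(f"incorrect.py:{line}: string literal assigned to {name}")
    print("findings in correct snippet:", find_hardcoded_secrets(CORRECT))
```

A name-based check misses secrets stored under neutral names or in config files, so pair it with a dedicated secret scanner over the full repository history.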
