/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-hardcoded-credentials
 * Detects hardcoded passwords, API keys, tokens, and other sensitive credentials
 * CWE-798: Use of Hard-coded Credentials
 *
 * @see https://cwe.mitre.org/data/definitions/798.html
 */
import type { TSESLint } from '@interlace/eslint-devkit';
type MessageIds = 'useEnvironmentVariable' | 'useSecretManager' | 'strategyEnv' | 'strategyConfig' | 'strategyVault' | 'strategyAuto';
export interface Options {
    /** Patterns to ignore (regex strings). Default: [] */
    ignorePatterns?: string[];
    /** Allow credentials in test files. Default: false */
    allowInTests?: boolean;
    /** Minimum length for credential detection. Default: 8 */
    minLength?: number;
    /** Detect API keys. Default: true */
    detectApiKeys?: boolean;
    /** Detect passwords. Default: true */
    detectPasswords?: boolean;
    /** Detect tokens. Default: true */
    detectTokens?: boolean;
    /** Detect database connection strings. Default: true */
    detectDatabaseStrings?: boolean;
    /** Custom credential patterns. Default: [] */
    customPatterns?: Array<{
        /** The type of credential (e.g., 'API key', 'token', 'password') */
        type: string;
        /** Regex pattern to match */
        pattern: string;
    }>;
    /** Strategy for fixing hardcoded credentials: 'env', 'config', 'vault', 'auto' */
    strategy?: 'env' | 'config' | 'vault' | 'auto';
}
type RuleOptions = [Options?];
export declare const noHardcodedCredentials: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
    name: string;
};
export {};