·
2282 commits
to main
since this release
New Rule: Hardcoded Secret
Action tag: action-v3.4.0
CLI tag: v6.17.1
Core tag: core-v6.17.2
VSX Version: v3.2.2
We’ve introduced a new rule to help prevent security risks caused by embedding sensitive values directly in Flows such as API keys, tokens, passwords, or credentials defined directly within Salesforce Flows.
Hardcoding sensitive values can lead to accidental exposure, difficult rotations, and security vulnerabilities. Instead, secrets should be stored and managed securely.
Recommended alternatives
When a hardcoded secret is detected, we recommend using one of the following secure storage options:
- Named Credentials
- Custom Settings
- Custom Metadata
- External secret management systems