diff --git a/skf/markdown/knowledge_base/277-knowledge_base--secrets_shared_with_the_client--.md b/skf/markdown/knowledge_base/277-knowledge_base--secrets_shared_with_the_client--.md
new file mode 100644
index 000000000..f112a4c22
--- /dev/null
+++ b/skf/markdown/knowledge_base/277-knowledge_base--secrets_shared_with_the_client--.md
@@ -0,0 +1,14 @@
+Description:
+
+symmetric keys, passwords, or API secrets that are shared with the client should
+not be used for functions that are classified critical.
+
+Whenever a client is sucessfully targeted by a malicious attacker the integrety
+of these keys is no longer guaranteed. 
+
+Solution:
+
+Verify that symmetric keys, passwords, or API secrets generated
+by or shared with clients are used only in protecting low risk secrets, 
+such as encrypting local storage, or temporary ephemeral uses such as parameter obfuscation.
+Sharing secrets with clients is clear-text equivalent and architecturally should be treated as such.