diff --git a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
index 4a2ff24a2f28..6e48ada26a42 100644
--- a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
+++ b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -18,6 +18,7 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.filters.Tests
 private import semmle.python.dataflow.new.internal.DataFlowDispatch as DataFlowDispatch
 private import semmle.python.dataflow.new.internal.Builtins::Builtins as Builtins
+private import semmle.python.frameworks.data.ModelsAsData
 
 bindingset[char, fraction]
 predicate fewer_characters_than(StringLiteral str, string char, float fraction) {
@@ -80,6 +81,11 @@ class HardcodedValueSource extends DataFlow::Node {
 
 class CredentialSink extends DataFlow::Node {
   CredentialSink() {
+    exists(string s | s.matches("credentials-%") |
+      // Actual sink-type will be things like `credentials-password` or `credentials-username`
+      this = ModelOutput::getASinkNode(s).asSink()
+    )
+    or
     exists(string name |
       name.regexpMatch(getACredentialRegex()) and
       not name.matches("%file")
diff --git a/python/ql/src/change-notes/2024-06-28-cred-hardcoded.md b/python/ql/src/change-notes/2024-06-28-cred-hardcoded.md
new file mode 100644
index 000000000000..97efe1e30a13
--- /dev/null
+++ b/python/ql/src/change-notes/2024-06-28-cred-hardcoded.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Adding Python support for Hardcoded Credentials as Models as Data
\ No newline at end of file
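Review bot: The new Models-as-Data disjunct in the CredentialSink characteristic predicate accepts every sink kind matching `credentials-%`, while the name-based branch right below it explicitly excludes names matching `%file`, so the two branches apply different criteria for the same sink class and a future kind naming a credential file path (constructed example: `credentials-<something>file`) would be flagged by the first branch but not the second. If only a fixed family of kinds is intended, either enumerate them or make the asymmetry explicit in the comment, e.g. `// Any MaD sink kind in the credentials-* family (credentials-password, credentials-username, ...) is a hardcoded-credential sink; unlike the name-based branch below, no %file exclusion is applied here, so model kinds must not describe file paths.` The kind string `s` is bound through `ModelOutput::getASinkNode(s)` rather than by `matches`, which is fine in QL but worth a one-line note since `matches` alone would not bind it. The body of `CredentialSink()` continues past the end of the hunk.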