Hardcoded SendGrid API token in source code (SCT-1032)
Hardcoding a SendGrid API token in source code can cause severe security issues: anyone who obtains the token gains unauthorized access to SendGrid resources, which can result in a data breach and financial loss. If an API token has been leaked, revoke it to mitigate the vulnerability.
Bad practice
import sendgrid
# The token is embedded in the source, so anyone who can read the code can read the token
API_KEY = "HARDCODED_SENDGRID_API_TOKEN"
sg = sendgrid.SendGridAPIClient(api_key=API_KEY)
Recommended
import os
import sendgrid
# Read the token from the environment at runtime instead of storing it in the source
API_KEY = os.getenv('SENDGRID_API_KEY')
sg = sendgrid.SendGridAPIClient(api_key=API_KEY)
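How a scanner can tell the two snippets above apart, as an added example (not DeepSource's analyzer code and not part of the original page). It assumes SendGrid keys follow the `SG.` + 22 characters + `.` + 43 characters base64url layout, which this page does not state; `scan_source` and `redact` are hypothetical names, and the sample key is synthetic.

```python
import re

# Assumed key layout (not stated on this page): "SG." + 22 chars + "." + 43 chars,
# all from the base64url alphabet. The lookarounds reject longer look-alike strings.
SENDGRID_KEY_RE = re.compile(
    r"(?<![A-Za-z0-9_-])SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}(?![A-Za-z0-9_-])"
)


def redact(token):
    """Keep only the prefix and last 4 characters so a report does not re-leak the key."""
    return token[:3] + "*" * 8 + token[-4:]


def scan_source(text):
    """Return (line_number, redacted_token) for every SendGrid-shaped literal in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in SENDGRID_KEY_RE.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


# Constructed sample input; the key is a synthetic value assembled at runtime.
FAKE_KEY = "SG." + "A" * 22 + "." + "b" * 43
SAMPLE = "\n".join([
    "import os",
    "import sendgrid",
    'API_KEY = "%s"' % FAKE_KEY,                # hardcoded key: reported
    "API_KEY = os.getenv('SENDGRID_API_KEY')",   # environment lookup: not reported
    'API_KEY = "HARDCODED_SENDGRID_API_TOKEN"',  # placeholder text: wrong shape
])

if __name__ == "__main__":
    for lineno, token in scan_source(SAMPLE):
        print("line %d: possible SendGrid API key %s" % (lineno, token))
```

A finding from a check like this means the key should be treated as leaked and revoked, even if the line is later removed, because the value remains in version-control history.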