Blog post Leaderboard MCP Deploy agents
Back to all reviewers

Secure credential management

n8n-io/n8n
Based on 1 comments
Txt

Never hardcode sensitive information like passwords, API keys, or access tokens directly in code or configuration files (including Dockerfiles). These credentials can be exposed through version control systems, shared images, or when files are accessed by unauthorized users.

Security Txt

Reviewer Prompt

Never hardcode sensitive information like passwords, API keys, or access tokens directly in code or configuration files (including Dockerfiles). These credentials can be exposed through version control systems, shared images, or when files are accessed by unauthorized users.

Instead:

  • Use environment variables to inject sensitive values at runtime
  • Implement Docker secrets for container deployments
  • Utilize secure credential management systems for storing sensitive information

Example - Insecure:

# Dockerfile.prod
FROM nginx:latest
ENV ADMIN_PASSWORD=supersecret123

Example - Secure:

# Dockerfile.prod
FROM nginx:latest
ENV ADMIN_PASSWORD=${ADMIN_PASSWORD}
# Password will be passed at build/runtime, not stored in file
1
Comments Analyzed
Txt
Primary Language
Security
Category

Source Discussions