Hardcoded ActiveRecord Encryption Key
Description
The code assigns a string literal to the Active Record Encryption primary key. Anyone who can read the source (the repository and its history, build artifacts, container images) obtains the key and can decrypt every attribute encrypted with it; the same literal typically ships to every environment, and rotating it requires a code change and a redeploy rather than a configuration change.
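The following is an added example of the kind of check this rule performs, not the tool's own implementation: it scans Ruby configuration source for `config.active_record.encryption.<key setting> = "<literal>"` and reports each assignment whose right-hand side is a string literal. The regex, the three setting names covered (`primary_key`, `deterministic_key`, `key_derivation_salt`) and the sample config are assumptions of this example; lookups via `ENV`, credentials or other method calls are deliberately not flagged.

```ruby
# Added example: a minimal detector for hardcoded Active Record Encryption keys.
# Not the rule's actual implementation; the pattern and sample input are constructed here.

ENCRYPTION_KEY_SETTINGS = %w[primary_key deterministic_key key_derivation_salt].freeze

# Matches `config.active_record.encryption.<setting> = "<literal>"` (double or single quotes).
HARDCODED_KEY_RE = /
  config\.active_record\.encryption\.
  (?<setting>#{ENCRYPTION_KEY_SETTINGS.join('|')})
  \s*=\s*
  (?<quote>["'])(?<literal>.*?)\k<quote>
/x

# Returns an array of { line:, setting:, literal: } for every assignment whose
# right-hand side is a quoted string. Commented-out lines are skipped.
def hardcoded_encryption_keys(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next if line.lstrip.start_with?('#')
    m = HARDCODED_KEY_RE.match(line)
    next unless m
    findings << { line: lineno, setting: m[:setting], literal: m[:literal] }
  end
  findings
end

# Constructed sample: a config fragment mixing insecure literals with acceptable lookups.
SAMPLE_CONFIG = <<~RUBY
  config.active_record.encryption.primary_key = "my_hardcoded_key"
  config.active_record.encryption.deterministic_key = 'another-literal'
  config.active_record.encryption.key_derivation_salt = ENV["AR_ENCRYPTION_SALT"]
  # config.active_record.encryption.primary_key = "old-commented-out-key"
  config.active_record.encryption.primary_key = Rails.application.credentials.dig(:active_record_encryption, :primary_key)
RUBY

if __FILE__ == $PROGRAM_NAME
  hardcoded_encryption_keys(SAMPLE_CONFIG).each do |f|
    puts "line #{f[:line]}: #{f[:setting]} assigned a string literal (#{f[:literal].length} chars)"
  end
end
```

Run against the sample, only the first two lines are reported; the `ENV` lookup, the commented-out line and the credentials lookup pass. A real scanner would also need to follow constants and string concatenation, which this pattern does not attempt.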
Examples
Insecure Code
```ruby
config.active_record.encryption.primary_key = "my_hardcoded_key"
```
Secure Code
```ruby
config.active_record.encryption.primary_key = ENV['ENCRYPTION_KEY']
```
Remediation
Load the key at boot from an environment variable or a secrets management system instead of a literal. Rails also provides `bin/rails db:encryption:init`, which generates a primary key, a deterministic key and a key derivation salt to store in the encrypted credentials; Active Record Encryption reads them from the `active_record_encryption` section of the credentials automatically. A bare `ENV['...']` lookup returns nil when the variable is unset, so validate that every key is present before the application starts serving requests. After removing the literal, treat the old key as compromised: rotate it, re-encrypt the affected data, and purge the literal from version-control history.
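As an added example (not code from the page or from Rails itself), the loader below reads the three Active Record Encryption settings from the environment and fails fast on a missing or too-short value, instead of the silent nil a bare `ENV['...']` produces. The variable names and the 32-byte minimum are assumptions of this example; `generate_encryption_settings` is a stand-in for the bootstrap that `bin/rails db:encryption:init` performs, for pasting fresh material into a secrets manager.

```ruby
# Added example: fail-fast loading of Active Record Encryption keys from the environment.
# Variable names and the minimum key length are assumptions, not Rails conventions.
require 'securerandom'

ENCRYPTION_ENV_VARS = {
  primary_key:         'ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY',
  deterministic_key:   'ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY',
  key_derivation_salt: 'ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT',
}.freeze

MIN_KEY_BYTES = 32 # assumption: refuse anything shorter than 256 bits of material

class MissingEncryptionKey < StandardError; end

# Returns { primary_key:, deterministic_key:, key_derivation_salt: } with every value
# validated. `env` defaults to the process environment; pass a Hash in tests.
def load_encryption_settings(env = ENV)
  ENCRYPTION_ENV_VARS.each_with_object({}) do |(setting, var), settings|
    value = env[var]
    raise MissingEncryptionKey, "#{var} is not set" if value.nil? || value.strip.empty?
    if value.bytesize < MIN_KEY_BYTES
      raise MissingEncryptionKey, "#{var} is shorter than #{MIN_KEY_BYTES} bytes"
    end
    settings[setting] = value
  end
end

# One-time bootstrap helper: fresh random material for each setting, to be stored
# in a secrets manager or the Rails credentials, never in source.
def generate_encryption_settings
  ENCRYPTION_ENV_VARS.keys.to_h { |setting| [setting, SecureRandom.alphanumeric(32)] }
end

# Intended use in config/application.rb (or an environment file); the raise above
# aborts boot with a clear message instead of leaving the key nil:
#   settings = load_encryption_settings
#   config.active_record.encryption.primary_key         = settings[:primary_key]
#   config.active_record.encryption.deterministic_key   = settings[:deterministic_key]
#   config.active_record.encryption.key_derivation_salt = settings[:key_derivation_salt]

if __FILE__ == $PROGRAM_NAME
  begin
    load_encryption_settings
  rescue MissingEncryptionKey => e
    warn "refusing to boot: #{e.message}"
  end
end
```

Validating at boot turns a missing secret into a deployment failure rather than a runtime exception on the first encrypted write, and the length check catches a placeholder such as `changeme` being exported in an environment.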
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0763 |
| Category | Secrets |
| Severity | CRITICAL |
| CWE | CWE-798 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | hardcoded, encryption, activerecord |
| OWASP | N/A |