Hardcoded JWT secret detected

Description

Code is not a secure place to store secrets, use environment variables instead.

Remediations

Use environment variables

  var jwt = require("jsonwebtoken");

var token = jwt.sign({ foo: "bar" }, process.env.JWT_SECRET);

Resources

Associated CWE

OWASP Top 10

Ready to take the next step? Join the Bearer Cloud waitlist.