SEC008warningPro

plaintext-secrets

Sensitive tokens stored without encryption in database schema

Applies to: Prisma, Python, TypeScript

Why this matters

Storing OAuth tokens, API keys, and other secrets in plaintext means a database breach exposes all credentials. Attackers can use these to access user calendars, send emails as users, or make API calls. Use field-level encryption or external secrets management.

Catch it before it ships

pip install stablestack # or: npx stablestackstablestack # scans your project, SEC008 includedstablestack explain SEC008

SEC008 is part of the Pro rule set. See pricing — the free tier ships 24 checks with no signup.

False positive in your codebase? Suppress a single line with # noqa: SEC008