SEC-5: Hardcoded Secrets
Summary
SEC-5 highlights Make.com scenarios and n8n workflows where sensitive values may have been placed directly into configuration instead of a safer managed location. FlowBeacon uses this policy to reduce exposure, cleanup effort, and long-term credential risk.
Severity: Critical · Category: Security · Platforms: Make.com, n8n
What FlowBeacon Reviews
- Whether automation configuration appears to contain embedded sensitive access values.
- Whether connection handling may be bypassing safer managed storage patterns.
- Whether exposed configuration could create unnecessary security or support risk.
Why This Matters
- Hardcoded secrets are easy to copy, forget, and leak during support or handoff.
- Once sensitive values are spread through configuration, cleanup becomes harder.
- Managed storage patterns are safer to rotate, review, and govern.
If This Policy Is Flagged
- Remove sensitive values from automation configuration as quickly as possible.
- Move access into approved managed connections or secure secret storage.
- Rotate any value that may have been exposed longer than intended.
- Re-run the evaluation after the automation no longer stores secrets directly.
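A local pre-check that can be run on an exported n8n workflow before re-running the evaluation, as an added example (not FlowBeacon's detection logic and not code from this page): it walks each node's `parameters` and reports literal values that look like secrets. The key-name and value patterns, the rule that skips `{{ }}` expressions, and the sample workflow are assumptions constructed for illustration.

```python
import re

# Heuristic key names and value shapes (assumptions; tune for your environment).
SECRET_KEY = re.compile(r"(api[_-]?key|token|secret|passw(or)?d|authorization)", re.I)
SECRET_VALUE = re.compile(r"^(Bearer|Basic)\s+\S{12,}$")

def _walk(value, path, key_hint):
    """Yield (path, reason) for literal strings that look like secrets."""
    if isinstance(value, dict):
        # Header/query entries are {"name": ..., "value": ...}; use "name" as the key hint.
        pair_name = value.get("name") if "value" in value else None
        for k, v in value.items():
            hint = pair_name if (k == "value" and isinstance(pair_name, str)) else k
            yield from _walk(v, f"{path}.{k}", hint)
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from _walk(item, f"{path}[{i}]", key_hint)
    elif isinstance(value, str) and value:
        if "{{" in value:  # assumption: expressions resolve elsewhere, not literals
            return
        if SECRET_VALUE.match(value):
            yield path, "value looks like an auth header"
        elif SECRET_KEY.search(key_hint):
            yield path, f"literal under secret-like key '{key_hint}'"

def find_hardcoded_secrets(workflow):
    """Return [(node name, parameter path, reason)] for an n8n workflow dict."""
    findings = []
    for node in workflow.get("nodes", []):
        for path, reason in _walk(node.get("parameters", {}), "parameters", ""):
            findings.append((node.get("name", "?"), path, reason))
    return findings

# Constructed sample: one node embeds a header literal, one uses a managed credential.
SAMPLE = {"nodes": [
    {"name": "Call CRM", "type": "n8n-nodes-base.httpRequest",
     "parameters": {"url": "https://crm.example.invalid/v1/contacts",
                    "headerParameters": {"parameters": [
                        {"name": "Authorization", "value": "Bearer EXAMPLE-not-a-real-token-0000"}]}}},
    {"name": "Call Billing", "type": "n8n-nodes-base.httpRequest",
     "parameters": {"url": "https://billing.example.invalid/v1/invoices",
                    "authentication": "genericCredentialType", "genericAuthType": "httpHeaderAuth"},
     "credentials": {"httpHeaderAuth": {"id": "1", "name": "Billing API"}}},
]}

if __name__ == "__main__":
    for finding in find_hardcoded_secrets(SAMPLE):
        print(finding)
```

Only the first node is reported; the second passes because its access is held in the node's `credentials` reference rather than in `parameters`.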
Why Users Care
- Teams reduce one of the most preventable security risks in automation design.
- Handoffs become safer because credentials are not buried in operational logic.
- Security reviews move faster when access is stored in cleaner, managed ways.