Agent Network Best Practices
no-inline-secrets
Guidance
This rule validates that sensitive credentials, such as client secrets, aren't hard-coded directly into connection authentication configurations; they must be referenced through variable expressions. Inline secrets in configuration files create significant security risks, including exposure in version control systems, logs, and configuration backups, and unauthorized access to sensitive credentials. Variable references let secrets be managed through secure secret management systems, environment variables, or encrypted configuration stores, in line with security best practices for credential management. The rule specifically checks client secret values in connection authentication specifications and requires the variable expression pattern instead of literal secret values. Validation applies to all connection definitions in Agent Network specifications, which maintains secure credential management practices across the network.
Message
Secrets must not be inline, they should be declared in variables
Applies to Connection
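The check described under Guidance, sketched as an added example; this is not the rule's own implementation. It assumes variable expressions are written as `${name}` and that the secret field is spelled `clientSecret` or `client_secret`; the page specifies neither, and the specification layout and all values below are constructed.

```python
import re

# Assumption: variable expressions look like ${name}; the page does not give the syntax.
VAR_EXPR = re.compile(r"^\$\{[A-Za-z_][\w.\-]*\}$")
SECRET_KEYS = {"clientsecret", "client_secret"}  # assumed field spellings
MESSAGE = "Secrets must not be inline, they should be declared in variables"


def find_inline_secrets(node, path=""):
    """Return (path, message) for every client secret that is not a variable reference."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else str(key)
            if str(key).lower() in SECRET_KEYS:
                # Only a value that is entirely one variable expression passes;
                # literals, empty strings and mixed "prefix-${x}" values are flagged.
                if not (isinstance(value, str) and VAR_EXPR.match(value.strip())):
                    findings.append((child, MESSAGE))
            else:
                findings.extend(find_inline_secrets(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(find_inline_secrets(item, f"{path}[{i}]"))
    return findings


# Constructed sample specification (hypothetical layout, placeholder values).
SAMPLE_SPEC = {
    "connections": {
        "crm": {"authentication": {"clientId": "crm-app",
                                   "clientSecret": "EXAMPLE-LITERAL-SECRET"}},
        "billing": {"authentication": {"clientId": "billing-app",
                                       "clientSecret": "${billing_client_secret}"}},
        "search": {"authentication": {"clientId": "search-app",
                                      "clientSecret": "pre-${search_secret}"}},
    }
}

if __name__ == "__main__":
    for location, message in find_inline_secrets(SAMPLE_SPEC):
        print(f"{location}: {message}")
```

The `search` connection is flagged even though it contains a variable, because a literal prefix concatenated with a reference still leaves part of the secret in the file.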