Skip to content

Secrets & credential hygiene

Full workflow

Complete guide (limitations, CI, published lens): secrets-hygiene

Why use CCE

Secrets in environment variables and dotenv files are easy to deploy but hard to rotate and audit. Platform teams want KMS, Secrets Manager, or Parameter Store — but legacy os.environ and process.env usage hides in application code.

CCE maps modern secret backends vs legacy env-var access for remediation backlogs and compliance evidence.

Example command

cce -folder . -language AUTO -mapper-file https://releases.stackgen.com/cce/lenses/secrets-hygiene/latest/secrets-hygiene_lenses.yaml -filter all -format json -output secrets.json

Analysis recipe

This use case is registered as recipe secrets-hygiene — run with:

cce run -folder . -language AUTO -recipes secrets-hygiene -output secrets-hygiene.json

Published lens

https://releases.stackgen.com/cce/lenses/secrets-hygiene/latest/secrets-hygiene_lenses.yaml