Secrets & credential hygiene
Full workflow
Complete guide (limitations, CI, published lens): secrets-hygiene
Why use CCE
Secrets in environment variables and dotenv files are easy to deploy but hard to rotate and audit. Platform teams want KMS, Secrets Manager, or Parameter Store — but legacy os.environ and process.env usage hides in application code.
CCE maps modern secret backends vs legacy env-var access for remediation backlogs and compliance evidence.
Example command
cce -folder . -language AUTO -mapper-file https://releases.stackgen.com/cce/lenses/secrets-hygiene/latest/secrets-hygiene_lenses.yaml -filter all -format json -output secrets.json
Analysis recipe
This use case is registered as recipe secrets-hygiene — run with:
cce run -folder . -language AUTO -recipes secrets-hygiene -output secrets-hygiene.json
Published lens
https://releases.stackgen.com/cce/lenses/secrets-hygiene/latest/secrets-hygiene_lenses.yaml