Credo.Check.Warning.LeakyEnvironment (Credo v1.5.0)

This check has a base priority of high and works with any version of Elixir.

Explanation

OS child processes inherit the environment of their parent process. This includes sensitive configuration parameters, such as credentials. To minimize the risk of such values leaking, clear or overwrite them when spawning executables.

The functions System.cmd/2 and System.cmd/3 allow environment variables to be cleared by setting their value to nil:

System.cmd("env", [], env: %{"DB_PASSWORD" => nil})
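The following is an added example, not part of the Credo documentation. It generalizes the single-variable call above into a wrapper that clears every variable whose name looks sensitive before spawning the child. The module name SafeCmd, its functions and the name pattern are hypothetical, and the variable values are constructed samples; it assumes a Unix-like system where the env executable is available.

```elixir
defmodule SafeCmd do
  # Hypothetical helper (not part of Credo or Elixir): runs an executable with
  # every environment variable whose name looks sensitive cleared in the child.

  # The name pattern is an assumption; adjust it to your deployment's naming.
  defp sensitive?(name), do: name =~ ~r/(PASSWORD|SECRET|TOKEN|API_KEY|CREDENTIAL)/i

  # Builds a map of %{"NAME" => nil} for each sensitive variable in the parent
  # environment. A nil value tells System.cmd/3 to unset it in the child.
  def scrubbed_env(parent_env \\ System.get_env()) do
    for {name, _value} <- parent_env, sensitive?(name), into: %{} do
      {name, nil}
    end
  end

  # Same contract as System.cmd/3. Entries the caller passes in :env take
  # precedence, so a child that really needs one credential can still get it.
  def run(executable, args, opts \\ []) do
    caller_env = Map.new(Keyword.get(opts, :env, []))
    env = Map.merge(scrubbed_env(), caller_env)
    System.cmd(executable, args, Keyword.put(opts, :env, env))
  end
end

# Constructed sample values for the demonstration.
System.put_env("DB_PASSWORD", "constructed-sample-value")
System.put_env("APP_MODE", "demo")

# Without :env the child inherits everything, including DB_PASSWORD.
{leaky, 0} = System.cmd("env", [])

# With the wrapper, sensitive names are unset and the rest is inherited.
{clean, 0} = SafeCmd.run("env", [])

IO.puts("System.cmd child sees DB_PASSWORD:  #{leaky =~ "DB_PASSWORD="}")
IO.puts("SafeCmd.run child sees DB_PASSWORD: #{clean =~ "DB_PASSWORD="}")
IO.puts("SafeCmd.run child sees APP_MODE:    #{clean =~ "APP_MODE=demo"}")
```

A name-pattern denylist only catches variables that follow the naming convention; secrets stored under other names still need to be listed explicitly in the :env option.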

Configuration parameters

There are no specific parameters for this check.

Like with all checks, general params can be applied.

Parameters can be configured via the .credo.exs config file.