2.10.4 TODOΒΆ
Verify passwords, integrations with databases and third-party systems, seeds and internal secrets, and API keys are managed securely and not included in the source code or stored within source code repositories. Such storage SHOULD resist offline attacks. The use of a secure software key store (L1), hardware trusted platform module (TPM), or a hardware security module (L3) is recommended for password storage.
| Level 1 | |
| Level 2 | OS assisted |
| Level 3 | HSM |
| CWE | NIST |
|---|---|
| 798 |