use https://yoursonarinstance/coding_rules for searching rules available in a running Sonarqube instance.
Otherwise use https://rules.sonarsource.com/ if you have no Sonarqube instance (yet) and need to know which rules are available overall.
There is a rule “Credentials should not be hardcoded” available for several languages, but not
for xml AFAIK.
the rules are provided by the language plugins, e.g. Sonar Java which is also contained in
Sonarqube Community Edition.
This rule is available for quite some time afaik.
Did you search like that ? https://yoursonarinstanfe/coding_rules?q=credentials
As already written in the answer to your other posting you should update your Sonarqube version ASAP.
A current Sonarqube version is also able to run recent versions of the language scanners.