Hi, I think we should also consider some crypto methods in the Java library for this rule. For example,
javax.crypto.spec.SecretKeySpec. This class saves the secret key and it also cannot be initialized by hardcoded credentials.
new SecretKeySpec("HardcodedString".getBytes(), "AES");
I agree that it makes sense to support more methods like this one. The good news is that we are currently in the process of rethinking the different rules we have to deal with secrets. I don’t have anything to share with you for now, but this is definitely something we will consider.
By the way, if you have any list of such methods, it would be great to share them here.
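The pattern raised in the first post, next to a form that keeps the key out of the source, as an added example that is not part of the original thread or of the analyzer's own code. The class name, the method names and the `APP_AES_KEY_B64` environment variable are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class KeySourceExample {
    // Noncompliant: the key bytes come from a string literal compiled into the class file.
    static SecretKey hardcodedKey() {
        return new SecretKeySpec("HardcodedString".getBytes(StandardCharsets.UTF_8), "AES");
    }

    // Compliant: the key arrives Base64-encoded from outside the code base.
    static SecretKey keyFromEncoded(String encoded) {
        if (encoded == null || encoded.isEmpty()) {
            throw new IllegalStateException("no key material supplied");
        }
        byte[] raw = Base64.getDecoder().decode(encoded);
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            throw new IllegalStateException("AES key must be 16, 24 or 32 bytes, got " + raw.length);
        }
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        // APP_AES_KEY_B64 is an assumed variable name set by the deployment.
        String encoded = System.getenv("APP_AES_KEY_B64");
        if (encoded == null) {
            // Constructed stand-in so the example runs offline: a fresh random key.
            byte[] demo = new byte[32];
            rng.nextBytes(demo);
            encoded = Base64.getEncoder().encodeToString(demo);
        }
        SecretKey key = keyFromEncoded(encoded);

        byte[] iv = new byte[12];
        rng.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = cipher.doFinal("sample".getBytes(StandardCharsets.UTF_8));
        System.out.println("encrypted " + ct.length + " bytes with an externally supplied key");
    }
}
```

In `hardcodedKey()` the literal flows straight into the first constructor argument of `SecretKeySpec`, while in `keyFromEncoded()` that argument only ever holds data supplied at runtime.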