Hardcoded client secret in configuration

Severity

critical

What it is

The OAuth client secret is hardcoded in the configuration file rather than referenced via an environment variable.

How Igris detects it

Igris's OAuth Configuration Checker flags this during MCP security scans of your configuration.
