secret-scanner-flags-test-passwords-use-labeled-constants
The pre-commit secret scanner flags string literals containing passwords in test files, even obviously synthetic values like TestPass123!. The fix is to assign test credentials to module-level labeled constants (e.g., TEST_USER_PASSWORD = "TestPass123!"); the scanner recognizes these as test-only fixtures and does not block the commit. Never inline credential-like strings in test function bodies.
Related
- test-password-strings-trigger-secret-scanner-false-positives
- secret-scanner-flags-test-passwords-without-constant-label
- alembic-ini-dev-db-url-triggers-secret-scanner
- alembic-ini-must-have-empty-db-url-use-env-var
- git-secret-scanner-blocks-alembic-ini-db-url
- integration-test-passwords-flag-secret-scanner
- test-credential-literals-flagged-by-secret-scanner
- test-fixture-passwords-flagged-by-secret-scanner
- pytest-hardcoded-passwords-trigger-secret-scanner
- pytest-test-passwords-trigger-secret-scanner-false-positive
- module-level-env-reads-with-dev-fallback-bypass-runtime-conf