Secrets — Database Credentials

PostgreSQL, MySQL, MongoDB, Redis and other connection strings with embedded credentials.

All rules in this category are kind secrets. They run under vulnetix secrets and the secrets stage of vulnetix scan.

Rule ID	Name	Severity	Detection
VNX-SEC-561	Snowflake account identifier + password connection	Critical	keyword + regex
VNX-SEC-562	Snowflake programmatic access token	Critical	keyword + regex + entropy
VNX-SEC-563	Databricks personal access token	Critical	keyword + regex
VNX-SEC-564	PlanetScale service token	Critical	keyword + regex
VNX-SEC-565	PlanetScale database password	Critical	keyword + regex
VNX-SEC-566	Neon database connection string	Critical	keyword + regex
VNX-SEC-567	Neon API key	High	keyword + regex
VNX-SEC-568	CockroachDB Cloud connection string	Critical	keyword + regex
VNX-SEC-569	FaunaDB secret key	Critical	keyword + regex
VNX-SEC-570	InfluxDB v2 API token	High	keyword + regex + entropy
VNX-SEC-571	InfluxDB v1 user:password connection	High	keyword + regex
VNX-SEC-572	Elastic Cloud API key (base64)	High	keyword + regex + entropy
VNX-SEC-573	Elastic Cloud ID	Medium	keyword + regex + entropy
VNX-SEC-574	MongoDB Atlas API public key	Medium	keyword + regex + entropy
VNX-SEC-575	MongoDB Atlas API private key	Critical	keyword + regex
VNX-SEC-576	Upstash Redis REST token	High	keyword + regex + entropy
VNX-SEC-577	Redis Cloud / rediss URL with password	High	keyword + regex
VNX-SEC-578	RabbitMQ AMQP URL with credentials	High	keyword + regex
VNX-SEC-579	Confluent Cloud API key	High	keyword + regex + entropy
VNX-SEC-580	Confluent Cloud API secret	Critical	keyword + regex + entropy
VNX-SEC-581	Cloudinary URL with API secret	Critical	keyword + regex
VNX-SEC-582	Mux access token ID	Medium	keyword + regex
VNX-SEC-583	Mux access token secret	Critical	keyword + regex + entropy
VNX-SEC-584	Bunny CDN API / storage key	High	keyword + regex
VNX-SEC-585	ImageKit private key	Critical	keyword + regex
VNX-SEC-586	Filestack API key	High	keyword + regex + entropy
VNX-SEC-587	Uploadcare secret key	Critical	keyword + regex + entropy
VNX-SEC-588	Uploadcare public key	Medium	keyword + regex + entropy
VNX-SEC-589	AWS RDS / Aurora connection string	Critical	keyword + regex
VNX-SEC-590	ClickHouse connection string with password	High	keyword + regex
VNX-SEC-591	TimescaleDB Cloud connection string	Critical	keyword + regex
VNX-SEC-592	SingleStore connection string with password	High	keyword + regex
VNX-SEC-593	DataStax Astra DB token	Critical	keyword + regex
VNX-SEC-594	Couchbase connection string with password	High	keyword + regex
VNX-SEC-595	Neo4j Aura connection string with password	Critical	keyword + regex
VNX-SEC-596	ArangoDB connection string with password	High	keyword + regex
VNX-SEC-597	Memcached SASL connection with credentials	Medium	keyword + regex
VNX-SEC-598	MSSQL connection string with password	Critical	keyword + regex
VNX-SEC-599	Oracle DB connection string with password	Critical	keyword + regex
VNX-SEC-600	Cassandra connection string with password	High	keyword + regex
VNX-SEC-601	Snowflake key-pair private key (JWT auth)	Critical	keyword + regex
VNX-SEC-602	Databricks OAuth client secret	Critical	keyword + regex
VNX-SEC-628	Upstash Kafka REST password	High	keyword + regex + entropy
VNX-SEC-629	MongoDB Atlas SRV connection with password	Critical	keyword + regex
VNX-SEC-630	Snowflake account locator + region	Medium	keyword + regex
VNX-SEC-631	Redis Cloud / Upstash REST URL (https with token)	High	keyword + regex
VNX-SEC-635	ScyllaDB Cloud connection string with password	High	keyword + regex
VNX-SEC-636	Aiven service connection string with password	Critical	keyword + regex
VNX-SEC-637	Aiven API token	Critical	keyword + regex

Remediation

Rotate any exposed credential immediately, remove it from source, and load it from a secrets manager or environment variable instead. Purge it from git history with git filter-repo. See CWE-798 and the OWASP Secrets Management Cheat Sheet.