AWS temporary access key ID
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.
What it detects
A temporary AWS access key ID (ASIA...) from STS was found. Temporary credentials still grant access until they expire and should never be committed.
Why it matters
A temporary AWS access key ID from STS still authenticates requests until it expires, which can be many hours. Committing it exposes whatever the underlying role can do for that window. Session credentials are meant to live only in memory, never in a file under version control.
How to fix it
Stop writing STS credentials to tracked files. Obtain them at runtime from the instance/role metadata or an assume-role call, and keep them in memory or an untracked location. Rotate the role session if the exposed credentials are still valid.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo