Will It Vibe logoWill It Vibe?
SECRET-038High severity-15 points

AMQP connection string with credentials

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.

What it detects

An amqp:// or amqps:// URL embeds broker credentials. Anyone with the URL can publish to or consume from your message broker.

Why it matters

An amqp:// or amqps:// URL with credentials lets anyone with the URL publish to or consume from your message broker. That can mean injecting jobs, draining queues, or reading message contents. The credential stays in git history after removal.

How to fix it

Read the broker URL from an environment variable and fail fast if unset. Keep the real value untracked and in your secret store, and restrict broker network access. Rotate the broker user password afterward.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks