Misplaced Secret
Production secret is stored in a development vault
Description
Production secrets should not be stored in a development vault as it could lead to security issues, and it's best to keep them separate from production secrets for the safety of your customer's data and your company's reputation.

Risk triggers
-
Secret containing any “PROD” related string in the name
-
Correlated production token inside a development vault (Vault read permissions required)
Mitigation
Secrets should be placed in the correct vault.
Secrets from different environments should never exist in the same vault. Place the affected secrets in the correct vault that fits their environment.
-
Step 1:
- In the case of both dev and production infrastructure residing in the same cloud accounts, you can discard these risks, despite it’s highly recommended to avoid these situations which can be devastating in case of a breach.
-
Step 2:
- Assign the affected secret in the correct vault.