KIRO-006: Secrets Detected in Steering File - Kiro Steering

Summary

• Rule ID: KIRO-006
• Severity: HIGH
• Category: Kiro Steering
• Normative Level: MUST
• Auto-Fix: No
• Verified On: 2026-03-02

Applicability

• Tool: kiro
• Version Range: unspecified
• Spec Revision: unspecified

Evidence Sources

• https://kiro.dev/docs/steering/

Test Coverage Metadata

• Unit tests: true
• Fixture tests: true
• E2E tests: false

Examples

The following examples demonstrate what triggers this rule and how to fix it.

Invalid

---
inclusion: always
---
API_KEY=hardcoded-secret-123

Valid

---
inclusion: always
---
Use ${API_KEY} from the environment at runtime.