OC-CFG-005: Hardcoded API Key - OpenCode
Summary
- Rule ID:
OC-CFG-005 - Severity:
HIGH - Category:
OpenCode - Normative Level:
MUST - Auto-Fix:
No - Verified On:
2026-03-02
Applicability
- Tool:
opencode - Version Range:
unspecified - Spec Revision:
unspecified
Evidence Sources
Test Coverage Metadata
- Unit tests:
true - Fixture tests:
true - E2E tests:
false
Examples
The following examples demonstrate what triggers this rule and how to fix it.
Invalid
{
"provider": { "options": { "apiKey": "sk-1234567890abcdef" } }
}
Valid
{
"provider": { "options": { "apiKey": "{env:OPENAI_API_KEY}" } }
}