Hardcoded passwords

Detects potential security tokens or passwords in comments using entropy analysis and regular expressions.

This inspection utilizes entropy analysis and regular expressions to scan the codebase for strings that resemble security tokens or passwords. It highlights these findings, helping developers identify and secure potential vulnerabilities. The inspection's effectiveness relies on the patterns defined in its configuration, making it adaptable to different coding environments and requirements.

// Example of a regular expression pattern used for detection:
/[0-9]+:AA[0-9A-Za-z\-_]{33}/

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

HardcodedPasswords

Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | Security

Text after this comment will only be shown in the settings of the inspection.

Suppressing Inspection

You can suppress this inspection by placing the following comment marker before the code fragment where you no longer want messages from this inspection to appear:

//noinspection HardcodedPasswords

More detailed instructions as well as other ways and options that you have can be found in the product documentation:

Inspection Details
By default bundled with:	Qodana for JVM 2025.2,

Last modified: 18 September 2025