by mkl95 1245 days ago
A manager once asked me to rewrite a bunch of tests written by some former employee, because a security tool was complaining about hardcoded credentials. My guess is that he wanted to satisfy some OKR about how many security issues reported by that tool had been "fixed". Probably the most ridiculous thing I've done.

So you think hard coding credentials, or other variables for that matter, is a good idea?
If those were unit tests they weren't real credentials.
How do you test the rules about passwords containing at least one uppercase letter, one number and one special character if you don’t test with passwords that definitely do not contain those characters?
I don't think it's a bad or good idea, it depends. In that case they were harmless. For comparison, some people shared passwords on Slack and email in plain text.