Below is the GO code used from client library to connect to Cloud foundry.
c := &cfclient.Config{
ApiAddress: "https://x.y.z.cloud",
Username: "admin",
Password: "admin",
}
client, _ := cfclient.NewClient(c)
This source code becomes vulnerable due to readable password, going in source control.
Currently the app using above code, is running outside Cloud foundry(PAAS).
AWS cloud(IAAS) introduced the concept called roles that allow access without credentials.
What is the best practice to avoid visible password in source code? Does CredHub credential configuration help client library connect in secure way?