Code Room
Code reviewMediumcr-g033
Subject Hardcoded secretsLevel Mid–Senior~20 minCommon in Security interviewsIndustries Software development

Question

Review this Go service initializer.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to reviewgo
const (    stripeSecretKey = "sk_live_51Hcd...REDACTEDxYz"    jwtSigningKey   = "s3cr3t-signing-key") func NewServer() *Server {    sc := stripe.NewClient(stripeSecretKey)    return &Server{        stripe: sc,        signJWT: func(claims Claims) string {            return jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString([]byte(jwtSigningKey))        },    }}
Run or narrate your approach, then ask the coach.