allow service account authentication by fsandel · Pull Request #16 · stackitcloud/certbot-dns-stackit

}
headers = {"kid": credentials["kid"]}
return jwt.encode(
payload, credentials["privateKey"], algorithm="RS512", headers=headers # nosemgrep "privateKey" is just the key for the dictionary
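
Review bot: The `# nosemgrep` comment on the `payload, credentials["privateKey"], ...` continuation line is not taking effect. The semgrep annotation under this hunk still reports python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret as a check failure. Semgrep honours the marker on the first line of a match or on the line directly before it, so if the match starts at `return jwt.encode(`, move the marker to that line and scope it to the rule: `return jwt.encode(  # nosemgrep: python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret`. Put the justification in a separate comment that says the key is read from the `credentials` dictionary at runtime, which is what the lookup here shows, so the suppression stays narrow and a reviewer can check it.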

Check failure

Code scanning / semgrep

Semgrep Finding: python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret

Hardcoded JWT secret or private key is used. This is an Insufficiently Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables)