# ST-SEC-007 - SecureString Argument Usage

> **Rule ID**: `ST-SEC-007`

**Rule ID**: `ST-SEC-007`

**Scope**: Workflow

## Description

This rule checks whether **SecureString** type arguments are used in the workflow. This string type should be used for storing potentially sensitive strings.

Read more about **SecureString** [here](https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=netframework-4.8).

## Recommendation

The **SecureString** type should not be used for any purpose other than the intended one. The scope of such variables should be very limited, ideally in the same scope where they were created. This means that arguments should not be used to pass credentials from one workflow to another. Variables containing credentials should be defined at the narrowest scope possible.

Once a **SecureString** is retrieved, it should be used to log into applications by using the **Type Secure Text** activity for regular applications, or the **Send Keys Secure** activity for terminals. Read more about **SecureString** [here](https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=netframework-4.8).

![docs image](https://dev-assets.cms.uipath.com/assets/images/studio/studio-docs-image-168149-e39bc958.webp)