Add lint.flake8-bandit setting to ignore specific argument names for S106 and S107 #14365
Description
It'd be nice if there was a setting for `lint.flake8-bandit` to be able to ignore specific argument names from getting flagged as hard-coded passwords.
My use-case is that I have a `SecretsManager` class with a method signature like

```python
class SecretsManager:
    def get_secret_value(self, secret_id: str) -> Secret: ...
```
I created it to abstract out which secret management "backend" I was using when removing a ton of AWS-specific implementations and mostly stuck with the naming convention for `boto3.SecretsManager.Client` (which uses the argument name `SecretId`).
ruff will then end up flagging an S106 violation every time I retrieve any secret using `secret_id` as a keyword argument.
Ideally, I could add a setting to my `pyproject.toml` like

```toml
[tool.ruff.lint.flake8-bandit]
hardcoded-password-ignore = ["secret_id"]
```
I'm not sure how common an issue this is since I only see 2 potentially related issues (here and here) (and none in the original flake8-bandit repo), but it would at least be nice for me personally.
I know anything touching the security-related rules is pretty sensitive though, since a false positive is far less costly than a false negative.
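To make the false positive concrete, here is an added example (not ruff's code, and not from the issue author) that approximates the S106 heuristic over an AST and shows what an ignore list like the proposed `hardcoded-password-ignore` would change. The list of password-like substrings and the `find_s106` helper are assumptions for illustration only.

```python
import ast

# Assumed approximation of the substrings S106 looks for in keyword-argument
# names; this is not a copy of ruff's or flake8-bandit's implementation.
PASSWORD_HINTS = ("password", "passwd", "pass", "pwd", "secret", "token")


def looks_like_password(name: str) -> bool:
    """Return True when a keyword-argument name resembles a password field."""
    lowered = name.lower()
    return any(hint in lowered for hint in PASSWORD_HINTS)


def find_s106(source: str, ignore: tuple = ()) -> list:
    """Report (line, keyword) for every call that passes a string literal to a
    password-looking keyword argument, skipping names listed in `ignore`
    (the behaviour the proposed hardcoded-password-ignore setting would add)."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            # kw.arg is None for **kwargs expansion; nothing to match on.
            if kw.arg is None or kw.arg in ignore:
                continue
            if not looks_like_password(kw.arg):
                continue
            # Only a literal string value counts as a hard-coded password.
            if isinstance(kw.value, ast.Constant) and isinstance(kw.value.value, str):
                hits.append((node.lineno, kw.arg))
    return hits


# Constructed sample: line 2 is the false positive from the issue (a secret
# *name*, not a secret), line 3 is a genuine hard-coded credential.
SAMPLE = """
secret = manager.get_secret_value(secret_id="prod/db/credentials")
client.login(user="svc", password="hunter2")
"""

if __name__ == "__main__":
    print(find_s106(SAMPLE))                          # both calls flagged
    print(find_s106(SAMPLE, ignore=("secret_id",)))   # only the real one
```

With the ignore list, the real credential on the second line is still reported, which is the point of scoping the suppression to one argument name rather than disabling the rule.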