diff --git a/rules/S6769/metadata.json b/rules/S6769/metadata.json
new file mode 100644
index 00000000000..9e26dfeeb6e
--- /dev/null
+++ b/rules/S6769/metadata.json
@@ -0,0 +1 @@
+{}
\ No newline at end of file
diff --git a/rules/S6769/secrets/metadata.json b/rules/S6769/secrets/metadata.json
new file mode 100644
index 00000000000..59cf0e78959
--- /dev/null
+++ b/rules/S6769/secrets/metadata.json
@@ -0,0 +1,56 @@
+{
+ "title": "Shopify tokens should not be disclosed",
+ "type": "VULNERABILITY",
+ "code": {
+ "impacts": {
+ "SECURITY": "HIGH"
+ },
+ "attribute": "TRUSTWORTHY"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "30min"
+ },
+ "tags": [
+ "cwe",
+ "cert"
+ ],
+ "extra": {
+ "replacementRules": []
+ },
+ "defaultSeverity": "Blocker",
+ "ruleSpecification": "RSPEC-6769",
+ "sqKey": "S6769",
+ "scope": "All",
+ "securityStandards": {
+ "CWE": [
+ 798,
+ 259
+ ],
+ "OWASP": [
+ "A3"
+ ],
+ "CERT": [
+ "MSC03-J."
+ ],
+ "OWASP Top 10 2021": [
+ "A7"
+ ],
+ "PCI DSS 3.2": [
+ "6.5.10"
+ ],
+ "PCI DSS 4.0": [
+ "6.2.4"
+ ],
+ "ASVS 4.0": [
+ "2.10.4",
+ "3.5.2",
+ "6.4.1"
+ ]
+ },
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown"
+}
\ No newline at end of file
diff --git a/rules/S6769/secrets/rule.adoc b/rules/S6769/secrets/rule.adoc
new file mode 100644
index 00000000000..29eb44fcec4
--- /dev/null
+++ b/rules/S6769/secrets/rule.adoc
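Review bot: Both new JSON files are committed without a final newline (`\ No newline at end of file` after `+{}` in `rules/S6769/metadata.json` and after the closing `+}` in `rules/S6769/secrets/metadata.json`); adding the trailing newline keeps any later edit to the last line from showing up as a two-line diff. The rest of the secrets metadata is strictly valid JSON, and the `\/` escape in `"Constant\/Issue"` is legal, so nothing else needs to change there; I assume it mirrors the other rules' metadata files rather than being a stray escape.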
@@ -0,0 +1,65 @@
+include::../../../shared_content/secrets/description.adoc[]
+
+== Why is this an issue?
+
+include::../../../shared_content/secrets/rationale.adoc[]
+
+If an attacker gains access to a Shopify app token or a Shopify Partners token, they might be able to compromise the Shopify environment linked to this token. As this environment typically contains both important financial data and the personal information of clients, a breach by a malicious entity could have a serious impact on the organization.
+
+=== What is the potential impact?
+
+Shopify contains both important information about customers, as well as financial information in general. If an attacker manages to get access to either of those through a leaked secret, they could severely impact the business in multiple ways.
+
+include::../../../shared_content/secrets/impact/personal_data_compromise.adoc[]
+
+Furthermore, the personal identifiable information contained by the Shopify platform could be used for phishing. Not sufficiently protecting the sensitive information of clients, such as addresses, email addresses and even financial information, can directly hurt these clients and will also hurt the reputation of the organization.
+
+include::../../../shared_content/secrets/impact/disclosure_of_financial_data.adoc[]
+
+== How to fix it
+
+include::../../../shared_content/secrets/fix/revoke.adoc[]
+
+include::../../../shared_content/secrets/fix/vault.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,python,diff-id=1,diff-type=noncompliant]
+----
+import requests
+
+token = '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' # Noncompliant
+response = requests.get('https://test-shop.myshopify.com/admin/api/2021-07/shop.json', headers={
+ 'X-Shopify-Access-Token': token,
+ 'Content-Type': 'application/json'
+})
+----
+
+==== Compliant solution
+
+[source,python,diff-id=1,diff-type=compliant]
+----
+import requests
+
+token = os.getenv('SHOPIFY_ACCESS_TOKEN')
+response = requests.get('https://test-shop.myshopify.com/admin/api/2021-07/shop.json', headers={
+ 'X-Shopify-Access-Token': token,
+ 'Content-Type': 'application/json'
+})
+----
+
+//=== How does this work?
+
+//=== Pitfalls
+
+//=== Going the extra mile
+
+== Resources
+
+=== Documentation
+
+Shopify.dev docs - https://shopify.dev/docs/apps/auth/admin-app-access-tokens#requirements[Access tokens for custom apps in the Shopify admin]
+
+include::../../../shared_content/secrets/resources/standards.adoc[]
diff --git a/shared_content/secrets/impact/disclosure_of_financial_data.adoc b/shared_content/secrets/impact/disclosure_of_financial_data.adoc
new file mode 100644
index 00000000000..789cd449c7c
--- /dev/null
+++ b/shared_content/secrets/impact/disclosure_of_financial_data.adoc
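Review bot: The compliant solution calls `os.getenv('SHOPIFY_ACCESS_TOKEN')` but never imports `os`, so the snippet raises NameError as written; add `import os` alongside `import requests` in the compliant block so readers can copy a working example. The "Why is this an issue?" paragraph covers both Shopify app tokens and Shopify Partners tokens, while the example and the single Documentation link address only admin app access tokens, so a short sentence (or a second reference) naming the Partners token case would keep the description and the resources consistent. Since `os.getenv` returns None when the variable is unset, a brief comment in the compliant block noting that a missing variable should be treated as a configuration error rather than sent as an empty header would also help, but that is optional.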
@@ -0,0 +1,5 @@
+==== Disclosure of financial data
+
+When an attacker gains access to an organization's financial information, it can have severe consequences for the organization. One of the primary concerns is the potential leakage of sensitive financial data. This information may include bank account details, credit card information, or confidential financial reports. If this data falls into the wrong hands, it can be used for malicious purposes such as identity theft, unauthorized access to financial accounts, or even blackmail.
+
+The disclosure of financial information can also lead to a loss of confidence and damage the organization's reputation with its stakeholders. Customers, partners, and investors place trust in organizations to protect their financial data. In case of a breach, customers may be hesitant to continue doing business with this company, leading to a loss of revenue and market share. Similarly, partners and investors may reconsider their long-term collaborations or investments due to concerns about the organization's overall security posture.