diff --git a/rules/S6418/php/metadata.json b/rules/S6418/php/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6418/php/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6418/php/rule.adoc b/rules/S6418/php/rule.adoc
new file mode 100644
index 00000000000..148341226e4
--- /dev/null
+++ b/rules/S6418/php/rule.adoc
@@ -0,0 +1,56 @@
+include::../description.adoc[]
+
+include::../ask-yourself.adoc[]
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+[source,php,diff-id=1,diff-type=noncompliant]
+----
+$secret = '47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37';
+MyClass->callMyService($secret);
+----
+
+== Compliant Solution
+
+Using https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php/example_code/secretsmanager[AWS Secrets Manager]:
+
+[source,php,diff-id=1,diff-type=compliant]
+----
+use Aws\SecretsManager\SecretsManagerClient;
+use Aws\Exception\AwsException;
+$client = new SecretsManagerClient(...);
+$secretName = 'example';
+doSomething($client, $secretName)
+function doSomething($client, $secretName) {
+    try {
+        $result = $client->getSecretValue([
+            'SecretId' => $secretName,
+        ]);
+    } catch (AwsException $e) {
+    ...
+    }
+    if (isset($result['SecretString'])) {
+        $secret = $result['SecretString'];
+    } else {
+        $secret = base64_decode($result['SecretBinary']);
+    }
+    // do something with the secret
+    MyClass->callMyService($secret);
+}
+----
+
+include::../see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+include::../parameters.adoc[]
+
+'''
+endif::env-github,rspecator-view[]