diff --git a/pmd-java/src/main/resources/category/java/security.xml b/pmd-java/src/main/resources/category/java/security.xml
index 4d8ba3aa27..91a64a883b 100644
--- a/pmd-java/src/main/resources/category/java/security.xml
+++ b/pmd-java/src/main/resources/category/java/security.xml
@@ -37,30 +37,30 @@ public class Foo {
 }
 ]]>
         </example>
-	</rule>
+    </rule>
 
-	<rule name="HardCodedCryptoKey" since="6.3.0"
-		message="Do not use hard coded encryption keys"
-		class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
-		externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
-		<description>
+    <rule name="HardCodedCryptoKey" since="6.3.0"
+          message="Do not use hard coded encryption keys"
+          class="net.sourceforge.pmd.lang.java.rule.security.HardCodedCryptoKeyRule"
+          externalInfoUrl="${pmd.website.baseurl}/pmd_rules_java_security.html#hardcodedcryptokey">
+        <description>
 Do not use hard coded values for cryptographic operations. Please store keys outside of source code.
         </description>
-		<priority>3</priority>
-		<example>
+        <priority>3</priority>
+        <example>
 <![CDATA[
 public class Foo {
     void good() {
-		SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");		
+        SecretKeySpec secretKeySpec = new SecretKeySpec(Properties.getKey(), "AES");
     }
 
     void bad() {
-		SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
+        SecretKeySpec secretKeySpec = new SecretKeySpec("my secret here".getBytes(), "AES");
     }
 }
 ]]>
         </example>
-	</rule>
+    </rule>
 
 
 </ruleset>