Secrets (API keys, passwords, tokens, encryption keys) must be managed securely: do not hardcode them or commit them to version control; store and access them securely instead. Poor secrets management is a common and serious source of breaches.
The cardinal rule: never hardcode or commit secrets
❌ NEVER hardcode secrets in source code or commit them to Git:
→ committed secrets are in the repo HISTORY (exposed even if "removed" later)
→ public repos / leaks expose them to attackers (bots scan GitHub for keys constantly)
→ a TOP cause of breaches (leaked AWS keys, database passwords, API tokens)
⚠️ If a secret IS committed/leaked → ROTATE it immediately (it's compromised)
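One way to enforce the rule before a commit lands, as an added example that is not part of the original page: a small scanner that reads a unified diff (such as the output of `git diff --cached`) and flags added lines that look like hardcoded secrets. The names `RULES`, `entropy` and `scan_diff`, the two patterns, the entropy threshold and every value in the sample diff are assumptions made for this illustration.

```python
import math
import re

# Illustrative rules only; production scanners ship far larger rule sets.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "assigned_secret": re.compile(
        r"(?i)(?:password|passwd|secret|token|api[_-]?key)\w*\s*[:=]\s*[\"']([^\"']{8,})[\"']"),
}

def entropy(s):  # Shannon entropy, bits per character
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_diff(diff_text, min_entropy=3.0):
    """Return (path, new_line_no, rule) for every added line that matches a rule."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:])
        elif line.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first line number in the new file.
            line_no = int(re.search(r"\+(\d+)", line).group(1)) - 1
        elif line.startswith("+"):
            line_no += 1
            for rule, rx in RULES.items():
                m = rx.search(line[1:])
                # Low-entropy values ("xxxxxxxx") are treated as placeholders.
                if m and not (rule == "assigned_secret" and entropy(m.group(1)) < min_entropy):
                    findings.append((path, line_no, rule))
        elif line.startswith(" "):
            line_no += 1
    return findings

# Constructed sample: every value below is made up for this example.
SAMPLE_DIFF = """\
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,6 @@
 import os
+AWS_KEY = "AKIAABCDEFGHIJKLMNOP"
+db_password = "q8Zr!v2Lk0pX"
+api_key = "xxxxxxxxxxxx"
+token = os.environ["SERVICE_TOKEN"]
 DEBUG = False
"""

if __name__ == "__main__":
    for path, line_no, rule in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{line_no}: possible {rule}; move it out of source")
```

The line that reads the token from `os.environ` passes, which is the pattern the rule asks for. A finding on a change that has already been committed means the value is in history and should be rotated, not just deleted.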
