Secrets (API keys, passwords, tokens, encryption keys) must be handled securely: never hardcoded in source code or committed to version control, but stored and accessed in a secure way. Poor secrets management is a common cause of security breaches.
The cardinal rule: never hardcode or commit secrets
❌ NEVER hardcode secrets in source code or commit them to Git:
→ committed secrets are in the repo HISTORY (exposed even if "removed" later)
→ public repos / leaks expose them to attackers (bots scan GitHub for keys constantly)
→ a TOP cause of breaches (leaked AWS keys, database passwords, API tokens)
⚠️ If a secret IS committed/leaked → ROTATE it immediately (it's compromised)
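
The repo-history point above, as an added example (not part of the original page): a small Python scanner that reads `git log -p` output and reports secret-looking lines added in any commit, even when a later commit removed them. The sample log, the two detection patterns and the name `scan_history` are assumptions made for illustration; the key shown is AWS's documentation placeholder.

```python
import re

# Illustrative patterns (assumptions, not a complete rule set).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded_credential": re.compile(
        r"(?i)\b(?:password|passwd|secret|api_key|token)\b\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
}

# Constructed sample of `git log -p` output, newest commit first.
# The newest commit "removes" the key; the older commit still carries it.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
Author: dev <dev@example.com>

    remove key from config

diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]
 REGION = "us-east-1"
commit 1111111111111111111111111111111111111111
Author: dev <dev@example.com>

    add config

diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,2 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+REGION = "us-east-1"
"""

def scan_history(log_text):
    """Return one finding per secret-looking line ADDED in any commit."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):        # commit header (messages are indented)
            commit = line.split()[1]
        elif line.startswith("+++ "):         # file header of the new side
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+"):            # an added line in a hunk
            for rule, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append({"commit": commit[:8], "file": path, "rule": rule})
    return findings

if __name__ == "__main__":
    for f in scan_history(SAMPLE_LOG):
        print(f"{f['commit']} {f['file']}: {f['rule']} -> rotate this credential")
```

On a real repository, feed it the output of `git log -p --all`; any hit means the credential should be rotated, not just deleted from the latest commit.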
