Is-sikriti (API keys, passwords, tokens, encryption keys) għandu jkunu mmaniġġati b'mod sigur — qatt ma jkun kodifikat fil-kodiċi jew imkommu għall-version control, iżda maħżuna u aċċessati b'mod sigur. Immaniġġar ħażin ta' sikriti huwa sors komuni u serjuż ħafna tal-breaks.
Ir-regola kardinali: qatt ma kodifika jew imma sikriti
❌ NEVER hardcode secrets in source code or commit them to Git:
→ committed secrets are in the repo HISTORY (exposed even if "removed" later)
→ public repos / leaks expose them to attackers (bots scan GitHub for keys constantly)
→ a TOP cause of breaches (leaked AWS keys, database passwords, API tokens)
⚠️ If a secret IS committed/leaked → ROTATE it immediately (it's compromised)
