Secrets (API keys, passwords, tokens, encryption keys) must be managed securely: never hardcoded in source or committed to version control, but stored and accessed through a secure mechanism. Weak secrets management is a common and major cause of breaches.
Core rule: never hardcode or commit secrets
❌ NEVER hardcode secrets in source code or commit them to Git:
→ committed secrets are in the repo HISTORY (exposed even if "removed" later)
→ public repos / leaks expose them to attackers (bots scan GitHub for keys constantly)
→ a TOP cause of breaches (leaked AWS keys, database passwords, API tokens)
⚠️ If a secret IS committed/leaked → ROTATE it immediately (it's compromised)
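As an added example (not code from the original page), a minimal pre-commit-style check that flags the secret shapes described above in a staged diff, shown beside the hardened pattern of reading the secret from the environment at runtime. The regex patterns, helper names and the sample diff are constructed assumptions; a real hook would use a maintained scanner such as gitleaks or detect-secrets.

```python
import os
import re

# Shapes of commonly leaked secrets (constructed for illustration, not exhaustive).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    # assignment of a quoted literal to a password/secret/key/token variable
    "assigned_secret": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
}


def scan_for_secrets(text):
    """Return (line_number, pattern_name) for each line that looks like a hardcoded secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def load_api_key(env_var="MYAPP_API_KEY", environ=None):
    """Hardened pattern: the secret is read at runtime from the environment
    (or a secrets manager) and never written into the source file.
    Fail loudly when it is missing rather than falling back to a default."""
    env = os.environ if environ is None else environ
    value = env.get(env_var)
    if not value:
        raise RuntimeError(f"{env_var} is not set; refusing to start without it")
    return value


# Constructed sample of a staged diff: two hardcoded secrets and one safe line.
SAMPLE_DIFF = """\
+DB_PASSWORD = "hunter2-but-longer"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+api_key = os.environ["MYAPP_API_KEY"]
"""

if __name__ == "__main__":
    for lineno, name in scan_for_secrets(SAMPLE_DIFF):
        print(f"line {lineno}: possible {name}, do not commit")
```

A hit from the scanner means the value is already exposed to anyone who can read the diff; treat it as compromised and rotate it, in line with the rule above.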
