Do not store secrets in plain text.
Do not commit sensitive data (passwords, API keys, tokens, private keys) to version control. Why:
- Anyone who has access to the version control system has access to that secret.
- Every machine that clones the repository keeps a copy of that secret, and that includes every system in the delivery chain: the hosting service (GitHub, GitLab, Bitbucket), CI (Jenkins, CircleCI, GitLab CI), every deployment target (all pre-prod and prod environments) and every backup (CrashPlan, Time Machine).
- Every program that runs with access to a checkout (editors, build tools, linters, IDE plugins, dependencies pulled in by the build) can read that secret.
- There is no way to audit who has read that secret and no way to revoke access to it. Deleting the file in a later commit does not help: the value stays in the repository history, so the only real remedy is to rotate the secret.
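The two practical counterparts to the rule above, as an added example (not code from the original page): a heuristic scanner intended to run as a git pre-commit hook over the staged diff, so a credential is caught before it enters history, and a loader that reads the secret from the runtime environment instead of a literal in source. All function names (`scan_for_secrets`, `load_secret`, `staged_diff_lines`) are this example's own, the regexes are heuristics rather than any tool's official rule set, and the sample diff is constructed for the demonstration.

```python
"""Pre-commit secret scan plus environment-based secret loading (added example)."""
import math
import os
import re
import subprocess
import sys
from collections import Counter

# Credential shapes that are cheap to flag. The AWS access-key-ID prefix and the
# PEM header are public formats; the assignment pattern is a generic heuristic.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking tokens score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_for_secrets(diff_lines, entropy_threshold=4.0):
    """Return (line_no, rule, match) findings for lines being added by the diff.

    Only '+' lines (excluding the '+++' file header) are examined, because those
    are the lines about to enter history, where they can no longer be fully removed.
    """
    findings = []
    for line_no, line in enumerate(diff_lines, 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        body = line[1:]
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(body):
                findings.append((line_no, rule, m.group(0)))
        # Entropy check: a long quoted token that looks random deserves a second look
        for token in re.findall(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]", body):
            if shannon_entropy(token) >= entropy_threshold:
                findings.append((line_no, "high_entropy_string", token))
    return findings


def staged_diff_lines():
    """Read the staged diff from git (used when this runs as a real hook)."""
    out = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                         capture_output=True, text=True, check=True).stdout
    return out.splitlines()


def load_secret(name, env=None):
    """Hardened alternative to a literal in source: fetch the value from the environment.

    There is deliberately no default. A missing secret is a deployment error that
    should fail loudly, not a cue to fall back to a hardcoded value.
    """
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise RuntimeError(f"required secret {name!r} is not set in the environment")
    return value


# Constructed staged diff (not a real commit): the 'before' that the hook should block.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,6 @@
+DB_HOST = "db.internal"
+DB_PASSWORD = "hunter2hunter2"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SIGNING_SEED = "q7Zp2vX9mK4rT1wL8nB3yH6s"
+# fine: the value comes from the deployment environment at runtime
+API_TOKEN = os.environ["API_TOKEN"]
""".splitlines()

if __name__ == "__main__":
    lines = staged_diff_lines() if "--staged" in sys.argv else SAMPLE_DIFF
    hits = scan_for_secrets(lines)
    for line_no, rule, match in hits:
        print(f"line {line_no}: {rule}: {match}")
    sys.exit(1 if hits else 0)  # non-zero exit makes git abort the commit
```

Installed as `.git/hooks/pre-commit` with `--staged`, a non-zero exit blocks the commit; the sample run flags the password assignment, the AWS key ID and the random-looking seed, and leaves the `os.environ` lookup alone. The entropy threshold is a tunable heuristic, so expect to whitelist fixtures such as test hashes.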