Documentation
API keys
Generate scoped keys for environments, rotate them safely, and audit their use.
Create one key per environment and application boundary. Prefer read/write separation for internal tooling.
Good practice
- Store keys in a secret manager
- Rotate keys during planned releases
- Revoke any credential tied to a leaked build or laptop