secrets-handling
Secrets Handling
Overview
Never hardcode secrets. Never commit secrets. Never log secrets.
Secrets in code end up in version control, logs, error messages, and eventually in attackers' hands.
When to Use
- Working with API keys, tokens, passwords
- Configuring database connections
- Setting up third-party service credentials
- Asked to "just hardcode it for now"
The Iron Rule
NEVER put secrets in source code.
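An added example, not part of the original skill: one way to follow the three rules in Python is to read the secret from the environment and fail at startup if it is missing, wrap it so printing never reveals it, and mask it if it still reaches a log record. The names `Secret`, `load_secret`, `RedactFilter` and `PAYMENTS_API_KEY` are hypothetical, and the value is constructed.

```python
import logging
import os


class Secret:
    """Wraps a secret so str(), repr() and f-strings never reveal it."""

    def __init__(self, value: str):
        self._value = value

    def reveal(self) -> str:
        # The only way to read the value; easy to grep for in code review.
        return self._value

    def __repr__(self) -> str:
        return "Secret(****)"

    __str__ = __repr__


def load_secret(name: str, env=os.environ) -> Secret:
    """Read a secret from the environment; fail at startup if it is absent."""
    value = env.get(name, "")
    if not value:
        # The error names the variable, never a value.
        raise RuntimeError(f"required secret {name} is not set")
    return Secret(value)


class RedactFilter(logging.Filter):
    """Masks known secret values that reach a log record anyway."""

    def __init__(self, secrets):
        super().__init__()
        self._values = [s.reveal() for s in secrets]

    def filter(self, record: logging.LogRecord) -> bool:
        msg = record.getMessage()  # format first so values in args are caught
        for value in self._values:
            msg = msg.replace(value, "****")
        record.msg, record.args = msg, None
        return True


def demo() -> str:
    # Constructed value standing in for what a secret manager would inject.
    env = {"PAYMENTS_API_KEY": "constructed-example-value"}
    key = load_secret("PAYMENTS_API_KEY", env)
    record = logging.LogRecord("app", logging.INFO, "demo.py", 0,
                               "auth header: Bearer %s", (key.reveal(),), None)
    RedactFilter([key]).filter(record)
    return f"{key} | {record.getMessage()}"
```

Attach the filter to handlers with `handler.addFilter(...)` so it also covers records propagated from other loggers.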