Rule Security

No Hardcoded Secrets

Never hardcode API keys, passwords, or tokens in source code

securitysecretsconfiguration

CLAUDE.md

Never hardcode API keys, passwords, or tokens in source code. Use environment variables or a secrets manager. Scan for accidentally committed secrets before every push.

Copy this block into your CLAUDE.md or agent config file to enforce it in your workflow.

get crystl