Secrets Management
Use a secrets manager; never store secrets in env files or code
CLAUDE.md
Use a secrets manager (Vault, AWS Secrets Manager, etc.) for production secrets. Never commit .env files, and don’t rely on environment variables alone — they can leak through logs and process listings.
Copy this block into your CLAUDE.md or agent config file to enforce it in your workflow.