The moment you start integrating with external services — OpenAI, Stripe, Resend, anything — you have a secrets management problem. Your code lives on GitHub, and any key that ends up in your repo is a key that's about to get scraped and abused.

In this lesson we'll cover why secrets can never live in your code, introduce Rails encrypted credentials as the tool I use for every project, walk through maintaining a separate credentials file for each environment, and show the exact terminal command for editing them. The lesson closes with a short screen demo of the whole workflow.

- Why leaking a secret to GitHub can happen in minutes and cost real money
- How Rails encrypted credentials work — encrypted file in the repo, key outside of it
- Why I keep a separate credentials file for development, test, staging, and production
- The exact command for editing credentials in each environment
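
The "encrypted file in the repo, key outside of it" split, as a simplified model added here (not code from the lesson and not Rails' own implementation): each environment gets its own AES-128-GCM key, and the committed blob is unreadable without it. The function names, the `ciphertext--iv--tag` layout, and the sample secret are constructed for illustration.

```ruby
require "openssl"
require "securerandom"

CIPHER = "aes-128-gcm"

# 16 random bytes as 32 hex characters: the part that stays OUT of the repo.
def generate_key
  SecureRandom.hex(16)
end

# Returns "ciphertext--iv--tag" (each part base64): the part that is committed.
def encrypt_credentials(plaintext, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = [hex_key].pack("H*")
  iv = cipher.random_iv            # fresh IV on every save
  cipher.auth_data = ""
  data = cipher.update(plaintext) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| [part].pack("m0") }.join("--")
end

# Raises OpenSSL::Cipher::CipherError when the key is wrong or the blob was modified.
def decrypt_credentials(blob, hex_key)
  data, iv, tag = blob.split("--").map { |part| part.unpack1("m0") }
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = [hex_key].pack("H*")
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(data) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  # One key per environment, as in the lesson (two shown here).
  keys = { "development" => generate_key, "production" => generate_key }
  secret = "stripe_secret: EXAMPLE-NOT-A-REAL-KEY\n" # constructed sample value
  blob = encrypt_credentials(secret, keys["production"])

  puts "committed blob: #{blob}"
  puts "production key: #{decrypt_credentials(blob, keys['production']).inspect}"
  begin
    decrypt_credentials(blob, keys["development"])
  rescue OpenSSL::Cipher::CipherError
    puts "development key: cannot decrypt the production file"
  end
end
```
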
