- **Epistemic status:** #seedlings
Never leave personally identifiable information (PII), financial data, passwords, or other credentials in plain text, whether they live in a database or an external file. Encryption offers a level of security if the data is ever exposed.
Furthermore, don't check secrets, [[Application Programming Interface (API)]] keys, [[SSH]] keys, encryption passwords, or other credentials into version control. You can manage keys and secrets separately via config files or environment variables as part of the build and deployment process.
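One way to keep secrets out of the repository, as an added example that is not from the book: a loader that reads a secret from an environment variable or from a per-secret file outside the source tree, and fails closed. The names `load_secret`, `SecretError`, the lookup order, and the secrets directory layout are assumptions of this sketch.

```python
import os
import stat
from pathlib import Path


class SecretError(RuntimeError):
    """Raised when a required secret is missing or stored unsafely."""


def load_secret(name, secrets_dir=None, environ=os.environ):
    """Return the secret `name` from the environment or a per-secret file.

    Lookup order (an assumption of this example, not a standard):
      1. environment variable NAME
      2. file <secrets_dir>/NAME, accessible only by its owner
    """
    value = environ.get(name)
    if value:
        return value

    if secrets_dir is not None:
        path = Path(secrets_dir) / name
        if path.is_file():
            mode = stat.S_IMODE(path.stat().st_mode)
            # Refuse files that group or others can read, write or execute:
            # a secret file anyone on the host can read is effectively exposed.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                raise SecretError(
                    f"{path} has mode {mode:o}; expected 600 or stricter"
                )
            value = path.read_text().strip()
            if value:
                return value

    # Fail closed: report which secret is missing, never echo a value
    # and never fall back to a default baked into the source.
    raise SecretError(f"required secret {name!r} is not configured")
```

The deployment process supplies the value (for instance by exporting the variable or writing the file with mode 600), so nothing secret has to be committed alongside the code.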
---
## References
- Thomas, David, and Andrew Hunt. _The Pragmatic Programmer, 20th Anniversary Edition: Journey to Mastery_. Second edition. Boston: Addison-Wesley, 2019.