Secrets Management
Use a secrets manager; never store secrets in env files or code
CLAUDE.md
Use a secrets manager (Vault, AWS Secrets Manager, etc.) for production secrets. Never commit .env files, and don’t rely on environment variables alone, since they can leak through logs and process listings.
Copy this block into your CLAUDE.md or agent config file to enforce it in your workflow.