
Stop Storing API Keys and Tokens in Random Places
cybersecurity, API keys, tokens, secrets management, data security
The post highlights a common issue where API keys and tokens are stored in insecure locations like .env files, Slack messages, notes apps, screenshots, or personal password managers. The author is testing a local-only secrets vault (Chrome-based, encrypted at rest, with no hosted backend) to reduce accidental exposure. They ask how others handle this problem, including whether they use password managers, cloud secret managers, .env files, or other methods. The discussion seeks practical solutions and real-world risks observed in teams.