Documentation
FAQ: How should I handle data and secrets? in the NexoRouter documentation.
FAQ: How should I handle data and secrets?
Treat prompts, API keys, logs, and exported files as sensitive operational data.
API keys
- Store keys in environment variables or secret managers.
- Do not commit keys to Git.
- Rotate leaked keys immediately.
- Use separate keys per app or teammate.
Request data
- Avoid sending secrets inside prompts.
- Redact private data before sharing support examples.
- Share request IDs instead of full request bodies when possible.
Logs
Usage Logs help debug requests. Limit who can access account dashboards and exports.