Choose Your Learning Path

Each demo layers on more resilient techniques. Work through them in order to experience the mindset shift from insecure quick fixes to production-ready secrets management.

Hardcoded Secrets

Hands-on, scenario-driven walkthrough

Critical Risk

Witness how quickly a leaked repository escalates into a full compromise when secrets live in code.

Key Takeaways

  • Secrets instantly exposed to every collaborator
  • Impossible to rotate without new deployments
  • Audit trails show secrets copied into logs and crash reports

Shared Secrets Files

Hands-on, scenario-driven walkthrough

Medium Risk

Explore JSON/YAML secrets files, why teams adopt them, and where the approach begins to crumble.

Key Takeaways

  • Version history never forgets the first commit
  • Operational burden to keep every environment aligned
  • Difficult to enforce least-privilege access controls

Environment Variables

Hands-on, scenario-driven walkthrough

Best Practice

Learn the recommended pattern for local, CI, and production environments with validation and rotation tips.

Key Takeaways

  • Secrets never enter the repository
  • Different environments receive scoped credentials
  • Supports automated rotation and incident response playbooks

How to Use the Demos

Follow the sequence to understand the progression from insecure to secure patterns.

  1. Run each interactive demo and review the console output to see how secrets leak or remain protected.
  2. Read the linked incident stories — every insecure example mirrors a real-world breach.
  3. Apply the remediation steps and compare them against your current project or organization.
  4. Document required environment variables using the provided templates before sharing with your team.

Tutorial Roadmap

  1. Understand why secrets matter and how the guide is structured.
  2. See why embedding credentials in code is catastrophic.
  3. Evaluate repository-based secrets and their tradeoffs.
  4. Implement .env-based secrets with validation and deployment tips.
  5. Compare approaches side-by-side across risk dimensions.
  6. Adopt enterprise-grade processes for long-term governance.

Before You Begin

  • Skim the README to understand the project structure
  • Run bun run build:pages once to ensure tooling works
  • List the secrets used by your real-world applications

After Each Demo

  • Create remediation tickets for insecure patterns
  • Share lessons learned with your broader engineering team
  • Schedule a follow-up to verify the new workflow is adopted

Assessment Criteria

  • You can explain the risks of each approach to a stakeholder
  • Your repo contains validated .env templates instead of secrets
  • Rotation and incident response playbooks are documented
  • You have monitoring in place for secrets regressions