Secrets Management
keeping API keys out of the logs.
Secrets Management
NEVER put API keys in the State.
The State is often logged to disk. If you put api_key in the state, you just leaked it to your logs.
Scope Injection
Inject secrets at runtime via configurable or environment variables that are accessible to the Node execution context, but are not part of the state dictionary that gets returned.