1Never Hardcode Secrets
If you push an AWS access key or a database password to GitHub, bots will scrape it in seconds and rack up a $50,000 bill on your account. Always use 'process.env.SECRET' and keep your secrets in a local '.env' file that is added to your .gitignore.
