Stop Putting API Keys in Your Shell Config
We all know better. Don’t hardcode secrets. Use a vault. Rotate your keys. We’ve been saying this for years. And then the agentic coding boom happened. Suddenly every tool wants an API key. OpenAI, Anthropic, Gemini, Groq, Mistral, Replicate—the list grows weekly. And where do those keys end up? Right there in .zshrc, in plain text, because you needed it working right now and you were going to fix it later. ...