There are tools for keeping secrets inversion control to like certain vaults, right? Like hash a corp has something and we've had some sponsors to talk Python. If you have to be more careful about your secret, it makes sense to use an external tool. But if a lot of those things can be mitigated by setting up the API keys properly, for example,. And that way you don't spin up 1000 servers mining Bitcoins for you. So there are different ways to mitigate depends on what's the level of risk. The easiest thing is to use the environment.