... This morning I opened my inbox to find an alert from GitGuardian about a leaked key. My first thought: Great, another phishing email. Nearly deleted it on the spot. Then I realized yesterday when I was using Cursor to bulk-update my scripts, I d left the API key in plain text Why did I do this? I m using Cursor to speed up script edits and testing endpoints having the key in the code felt convenient. But convenience often ... ... security, and this time I sacrificed security for speed. Where I m at now: Revoked that exposed key and generated a new one urgently. Shifted all secrets into environment variables, removing them from code. Planning to integrate the GitGuardian