Nate recommends keeping them in a .env file and never pushing it to your git repo (add it to .gitignore).
But in another community, people told me to use a free tool called Doppler to centralize all API keys.
Which approach do you trust more, and why?
Anyone running Doppler in production? ๐