Not in .env files next to your code that is exposed to supply chain risks.