Root projects often make API calls to other systems via API keys. These keys need to be synced across developers and CI systems.
Root should provide some mechanism for storing and retrieving these keys in a safe and secure manner, as well as "mode" awareness (e.g. dev vs. staging vs. prod).
Once this system is set up, we should update docs to recommend a secure setup for Root CMS that involves separating API keys for development vs production, and restricting the keys to prevent unauthorized access.
Description
Root projects often make API calls to other systems via API keys. These keys need to be synced across developers and CI systems.
Root should provide some mechanism for storing and retrieving these keys in a safe and secure manner, as well as "mode" awareness (e.g. dev vs. staging vs. prod).
Once this system is set up, we should update docs to recommend a secure setup for Root CMS that involves separating API keys for development vs production, and restricting the keys to prevent unauthorized access.