Company
Date Published
Author
Joe Tustin
Word count
536
Language
English
Hacker News points
None

Summary

Not every environment variable or config value is a secret, not every secret looks risky at first glance, and not every team treats secrets with the care they deserve. In software development, a secret is any sensitive value that helps systems prove who they are, what they're allowed to do, or where they're allowed to connect. These values live behind the scenes, quietly powering everything from logins to deployments to API requests. Secrets include API keys, database credentials, OAuth tokens, encryption keys, and service account passwords. Anyone who gains access to them can impersonate a system, bypass restrictions, or pull down data that wasn't meant to be shared. Context matters when determining whether something is a secret; even seemingly innocuous values can become problematic if mishandled. The danger is not that secrets exist but that they are often handled casually, and that exposure has consequences: a leaked secret can lead to data exfiltration, infrastructure compromise, broken deployments, or compliance issues. That makes it critical to understand which values need protecting and to treat them with care.