I have had a lot of people commenting on the fact that placing secret credentials or API keys in .env is not secure but instead providing API keys or secret keys from server
