Security and secrets

Treat Cocoding AI prompts, screenshots, generated code, and project previews as product workspaces. Keep sensitive data out of places where it does not belong.

Do not paste

Production API keys.
OAuth client secrets.
Payment provider secret keys.
Database passwords.
Private customer data.
Confidential contracts or legal documents.
Internal infrastructure hostnames or credentials.

Safer patterns

Ask Cocoding AI to use environment variables.
Use test-mode provider keys during development.
Redact screenshots before uploading.
Rotate any credential that was accidentally exposed.
Keep production secrets in your approved secret manager.

Prompt example

Add Stripe checkout using environment variables for the secret key.
Use placeholder names in the code and document which environment variables are required.

Do not paste​

Safer patterns​

Prompt example​

Do not paste

Safer patterns

Prompt example