# Secrets Anti-Patterns Review Checklist

* Any secrets in Git, images, Terraform state, Helm values, CI variables, or support bundles?
* Any long-lived cloud keys where workload identity or OIDC federation is available?
* Any shared secrets reused across environments or services?
* Any plaintext secrets logged, traced, or dumped in error output?
* Any backup archives stored without encryption or without key separation?
* Is rotation owner, cadence, overlap window, and rollback path documented?


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.product-security.expert/learning-labs-interview-and-templates/index/secrets-antipatterns-review-checklist.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.