Replying to @rid
You're right, that would be ideal in a vibecoded application, but this is not currently happening and millions of secrets do end up in production, more and more each year. Secret scanning can go a long way to prevent that. The app doesn't even have to be vibecoded, mistakes happen in traditional apps too, especially secrets that leak to the frontend when using isomorphic frameworks like Next.js or SvelteKit.
The scanner is free and open source. The Pro plan adds explanations for each found secret, instructing the AI or human what to do to fix it, plus variable tracking to help prevent secrets leaking to the frontend. Everything else is part of the free version. Pro costs $14/month.