Do not commit secrets, tokens, private keys, local credentials, or private customer data.

Report security issues through the private Cumulus security channel.

Do not open public issues for secrets or sensitive data.

• Remove the sensitive data from the working tree.
• Rotate any exposed credential.
• Add a regression check when possible.
• Document the fix in the changelog without repeating the secret.