Security Model

Public templates must never contain API keys or tokens.

Secrets belong in private environment files when future backend services exist.