This article dives deep into the modern philosophy of configuration management, the twelve-factor methodology, security concerns, and the tools that define the landscape.
You should never put sensitive data, like database passwords or API keys, in your source code. Instead, you put them in a "config" file that stays on your secure server. config