
In addition to what others are saying, for many types of secrets (API credentials, salts, keys, etc.) it's good practice to make them different in production vs development. This has the advantage of keeping your production secrets in the domain of ops, and your developers never even need to have them.

This is built on the assumption that you only ever have one set of secrets, or that you don't mind distributing your prod secrets to your engineers, both of which I would consider to be bad practice.


