I’m building a simple app for internal use, i.e. not shared. The App calls an external API endpoint which requires an API key. Also there is a staging and a production endpoint.
I have read about GobalConfig, but all the docs say do not store sensitive information here. There is no guidance on where to store sensitive data. Please can someone tell me where I store credentials for an external API and also how I can use something like environment variables to swap the stage/prod endpoint and stage/prod API key.