Workshop

You need AI help, and the tool needs a secret

You're debugging or building with AI and the tool needs:

an API token
a password
a .env value
a database credential

What do you do next?

Activity

Safe or unsafe?

Scenario	Verdict
Paste an API key into chat to help debug	Unsafe
Use 1Password CLI to load a secret into an env var	Safe
Use a personal account for a company token	Unsafe
Use Lovable's secret manager	Safe
Paste a `.env` file into a prompt "just for a minute"	Unsafe

Press R to reveal answers one at a time

The Rule

Don't paste secrets into chat.
Use approved secret flows.

Never

Paste secrets into chat
Paste into collaborative workspaces
Use personal accounts for company secrets
Paste secrets into prompts, docs, tickets, or screenshots

Instead

Store secrets in 1Password
Use CLI, secret references, or env vars
Use tool-native secret managers
Use company-approved accounts and tools

Chat is not a secret manager

Hands-on

1Password CLI → env var → coding tool

1

Sign in to 1Password CLI

2

Retrieve the secret safely

3

Load it into an environment variable

4

Use it in an approved coding tool

5

Never paste the raw value into the prompt

The pattern

Secret Manager → Approved Retrieval → Approved Tool

Copy Secret → Paste into Chat

Cheat Sheet

If you're doing X, use Y

If you are doing…	Use…	Avoid…
AI-assisted coding in terminal	1Password CLI + approved coding tool	pasting token into chat
Browser-based workflow	1Password browser extension / autofill	manual copy-paste
App builder workflow	Lovable secret manager	putting secrets in prompts
Automation workflow	n8n credential or secret store	hardcoding secrets
Internal AI workflow	Approved internal agent skill	raw secret in prompt text

If you pasted it, rotate it.

Takeaway

Don't paste. Rotate if you did.

Use approved secret-handling workflows so the tool gets access without exposing the value in prompts, history, or transcripts.

Remember

Secret manager → approved retrieval → approved tool
Chat is not a secret manager
The tool may differ, the pattern does not

If a secret is pasted by mistake

Act immediately — delete the message
Assume the secret is exposed
Revoke or rotate it
Update anything that depends on it
Report through the approved internal process

You need AI help, and the tool needs a secret

Safe or unsafe?

Don't paste secrets into chat.Use approved secret flows.

Never

Instead

1Password CLI → env var → coding tool

The pattern

If you're doing X, use Y

Don't paste. Rotate if you did.

Remember

If a secret is pasted by mistake

Don't paste secrets into chat.
Use approved secret flows.