1) secrets in code are a symptom of broken dev culture not just tooling. fix the culture first, train devs early on using environment variables and iam roles. make secrets invisible to code.

2) relying on gitignore or vaults alone is a band-aid. sdk picks up creds from environment or home dir automatically if you use aws properly.

3) automate secret scans in ci but don't trust them blindly, human reviews and rotating keys asap are still critical.

4) biggest risk is devs rushing and skipping processes, so build workflows that make mistakes obvious and costly to push.

5) at scale, even perfect tech fails without good process + education. focus there and tools become backup not main defense.

this mindset saves time and downtime. secret leaks cost more than any fancy tool subscription.
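
Points 3 and 4 in practice, as an added example that is not part of the original comment: a small check that reads a unified diff (for instance `git diff --cached` piped in from a pre-commit hook or CI step) and fails when an added line carries an AWS access key ID or a literal secret access key. The rule names, the sample diff and the file path are constructed for illustration; the key values are the placeholder credentials from AWS's own documentation.

```python
import re
import sys

# Long-term (AKIA) and temporary (ASIA) access key IDs are 20 characters long.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-character secret assigned as a literal; reads from os.environ do not match.
SECRET_ASSIGN = re.compile(
    r"aws_secret_access_key\s*[=:]\s*[\"']?[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)
RULES = [("aws-access-key-id", ACCESS_KEY_ID), ("aws-secret-access-key", SECRET_ASSIGN)]

def scan_diff(diff_text):
    """Return (file, line_no, rule) for every credential found on an added line."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line)
            if m:
                line_no = int(m.group(1)) - 1  # next new-file line gets this number + 1
        elif line.startswith("+"):
            line_no += 1
            for rule, pattern in RULES:
                if pattern.search(line[1:]):
                    findings.append((path, line_no, rule))
        elif not line.startswith("-"):
            line_no += 1  # context line: present in the new file, not scanned
    return findings

# Constructed sample diff: two hard-coded credentials, two environment lookups.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
 import os
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 REGION = os.environ["AWS_REGION"]
+SECRET = os.environ["AWS_SECRET_ACCESS_KEY"]
"""

if __name__ == "__main__":
    hits = scan_diff(sys.stdin.read())
    for path, line_no, rule in hits:
        print(f"{path}:{line_no}: {rule}: remove it and rotate the key", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

A hit means the key should be rotated even if the commit is blocked, and a clean run only means these two patterns were absent, so review still applies.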