Guides

Security best practices

A few habits keep your account and keys safe.

Key hygiene #

Read keys from environment variables or a secret manager — never hard-code them or commit them to source.
Use a separate key per application or environment so you can rotate or revoke one without touching the others.
Rotate keys periodically, and delete keys you no longer use.
Keep keys server-side. Do not ship an Merius key in a browser or mobile app where users can read it.

If a key is ever exposed, delete it in the dashboard and create a new one — a deleted key stops working immediately.