> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hyperwisor.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Protect your manufacturer secret key in production.

The manufacturer API uses two keys:

* **Public key** (`mk_…`) — identifies your manufacturer account; safe in client code
* **Secret key** (`msk_…`) — privileged; **must never reach a client**

<Warning>
  Never ship `msk_` in a production mobile binary or web bundle. Anyone who
  extracts it gains privileged access to your manufacturer account.
</Warning>

## Mock and local dev

In development the starter reads keys from `.env.local`, which is git-ignored.
That's fine locally — but `.env` values bundled into a client build are **not**
secret. The secret key needs a server-side home for production.

## In production

Keep the secret key on a server you control and have the client talk to that,
not the API directly. The app ships only the public key.

<Note>
  The starter ships a `docs/SECURITY.md` with the exact setup for your copy.
  Follow it before any production release.
</Note>

<Card title="Back to deployment" icon="rocket" href="/apps/deployment">
  Build for web and native.
</Card>