deploy --service=wishlist --prod-keys-switch=true The prod.keys switch flipped to ON .
Maya checked the metrics. The new AI provider was slower—much slower. Worse, it charged per call. With holiday traffic, costs would explode. prod.keys switch
Maya ran:
For ten minutes, everything worked. Then the on-call phone buzzed. deploy --service=wishlist --prod-keys-switch=true The prod
Maya opened her terminal. The configuration file, keys.config , looked like this: Worse, it charged per call
{ "environment": "dev", "api_keys": { "ai_provider": "dev_sk_test_123", "payment_gateway": "dev_pk_test_456" } } She knew the routine. Never, ever commit prod keys to code. Instead, the system used a —an environment variable called PROD_KEYS_ENABLED . When set to false , the app used dev keys. When set to true , it reached into a locked, encrypted vault and loaded the real production keys.
She needed to roll back, but there was a problem: if she simply reverted the code, the prod.keys switch would still be true . The old AI provider’s prod key was already deleted from the vault. Without it, the app would crash entirely.