Nuxtjs Guideline: Environment — Keep secrets in private config. Description: Server-only secrets in runtimeConfig root. Do: runtimeConfig.apiSecret (server only). Don't: Secrets in public config. Good Example: runtimeConfig: { dbPassword: '' }. Bad Example: runtimeConfig: { public: { dbPassword: '' } }. Severity: High. Docs: https://nuxt.com/docs/guide/going-further/runtime-config.