If you discover a security vulnerability, please report it responsibly:

1. Do not open a public issue
2. Email: kogunlowo@gmail.com
3. Include: description, steps to reproduce, potential impact

• Never commit secrets, credentials, or API keys
• Use variables for sensitive values with sensitive = true
• Enable encryption at rest and in transit where available
• Follow the principle of least privilege for IAM policies
• Regularly update provider versions for security patches