Initialer commit

memory/feedback_secrets.md

@@ -0,0 +1,10 @@
+---
+name: Secrets in .env files
+description: User stores credentials in .env files, never in code or git
+type: feedback
+---
+
+User stores sensitive credentials (API keys, secrets) in `.env` files next to `docker-compose.yml`. Always create/suggest `.env` + `.gitignore` together.
+
+**Why:** User explicitly set up Spotify credentials this way.
+**How to apply:** When any new secret/credential is added, offer to write it to `.env` and ensure `.gitignore` covers it.