A developer has just completed the configuration of an API that connects sensitive internal systems. Based on company policies, the security of the data is a high priority.
Which approach must be taken to secure API keys and passwords?
A. Embed them directly in the code.
B. Store them in a hidden file.
C. Store them inside the source tree of the application.
D. Change them periodically.