Prod.keys Switch -

Three days before Black Friday, the CEO announced a last-minute partnership with a major toy brand. The integration required swapping the AI provider’s key for a new one—immediately.

Maya ran:

Maya was the lead site reliability engineer for a fast-growing gift marketplace called PresentsPass . Every December, traffic spiked. This year, the company had a new feature: "Smart Wishlist," which used a third-party AI to predict what a user’s friend might like. prod.keys switch

The prod.keys switch remained the most boring, most important toggle in the entire stack—because boring, when it comes to secrets, means the building stays standing. Three days before Black Friday, the CEO announced

{ "environment": "dev", "api_keys": { "ai_provider": "dev_sk_test_123", "payment_gateway": "dev_pk_test_456" } } She knew the routine. Never, ever commit prod keys to code. Instead, the system used a —an environment variable called PROD_KEYS_ENABLED . When set to false , the app used dev keys. When set to true , it reached into a locked, encrypted vault and loaded the real production keys. Every December, traffic spiked

deploy --service=wishlist --prod-keys-switch=true The prod.keys switch flipped to ON .

Maya updated the vault with the new toy brand’s key. Then she ran the deployment script: