Sensitive data has to be available for developers. How can you make sure it is not in their code?
Modern applications communicate using secrets: API keys and other credentials thus give access to multiple systems of the company. These secrets are even more sensitive than credit card numbers for your organization. You wouldn’t let unauthorized actors find them.