Sensitive data has to be available for developers. How can you make sure it is not in their code ?
Applications are becoming increasingly modular and secrets are necessary to link all these components. API keys or database credentials give access to multiple systems including cloud infrastructure, databases, payment systems. Having critical secrets in your code base is like leaving your keys on your front door.