Secrets should never be checked into source code. Ideally, they should be injected into the runtime and then the values should be picked from there.
Examples of secrets are SSH keys, API keys and secrets (AWS or Stripe APIs, for example), database credentials etc.
In the sample Python code below, the secrets have been hardcoded:
key = "12345azan+/ryGUuk"
Ideally, this should be picked from the environment, like:
key = os.getenv("SECRET_KEY")