Question

How should auth token be managed?

Answer

Use long random tokens and rotate them when credentials are exposed or team access changes.