its AirBnB.. they should have this stuff sorted! Dev/prod should be completely separate with the vaults/secrets management in prod having the correct keys with only a few peeps having access (in a break glass situation). Dev's should not have the keys to put into code to push to a prod external service...
There is zero reason why any dev (or worse external dev team) should have access to prod secrets, or the ability to push out via prod. (unless someone cocked up the config for the dev/staging push notification tooling, again requires a level of access)
Its the process, not the dev. A Dev should never have access to prod secrets, it show flaws in ABnB security model and tells me a fair bit around how the work with dev/deployment.
We use Azure Functions to pull data out of DataDog and other services (bespoke) to chuck in a capacity management database, and then use more FaaS's to munge the numbers etc.
We also use it in prod with for events, and customers who subscribe to message queues and webhooks etc.
There is zero reason why any dev (or worse external dev team) should have access to prod secrets, or the ability to push out via prod. (unless someone cocked up the config for the dev/staging push notification tooling, again requires a level of access)