its AirBnB.. they should have this stuff sorted! Dev/prod should be completely separate with the vaults/secrets management in prod having the correct keys with only a few peeps having access (in a break glass situation). Dev's should not have the keys to put into code to push to a prod external service...
There is zero reason why any dev (or worse external dev team) should have access to prod secrets, or the ability to push out via prod. (unless someone cocked up the config for the dev/staging push notification tooling, again requires a level of access)
Its the process, not the dev. A Dev should never have access to prod secrets, it show flaws in ABnB security model and tells me a fair bit around how the work with dev/deployment.
We use Azure Functions to pull data out of DataDog and other services (bespoke) to chuck in a capacity management database, and then use more FaaS's to munge the numbers etc.
We also use it in prod with for events, and customers who subscribe to message queues and webhooks etc.
Yes, if you park your car outside your house on the drive, and the key is in the house in a bowl by the door (for example) then they can steal the car in the middle of the night..
This is worse in the UK, as we have much less space, so things are much closer togeather (ie. the car, and the keys (where they are left overnight).
There is zero reason why any dev (or worse external dev team) should have access to prod secrets, or the ability to push out via prod. (unless someone cocked up the config for the dev/staging push notification tooling, again requires a level of access)