Security

• Store secrets in .env_secret (never commit to git)
• Use SSL/TLS for MQTT in production
• Enable authentication and topic-level authorization on broker
• Set proper file permissions on secret files
• Regularly update Docker images and dependencies