Current compile-time approach is correct for bootstrap architecture: - Credentials only used during build - Agent never sees them after - No binary distribution - Strings extraction is irrelevant threat Obfuscation was over-engineering for this use case.