Use this pack to run a focused cleanup review for one application, platform workflow, subscription, repository group, or high-risk integration. Do not start with the whole enterprise. Prove the loop first, then repeat it.

1. Pick one workload or platform workflow with sensitive access.

2. List every place secrets might live: repository, pipeline, vault, app settings, deployment outputs, runbooks, docs, and local scripts.

3. Fill out the inventory table for confirmed findings only.

4. Score each item by blast radius and rotation difficulty.

5. Assign an owner, action, due date, and evidence requirement.

6. Schedule the first review meeting before the worksheet becomes stale.