[devCreek]

Regarding retrievable vs. irretrievable, I think is a matter of who do you delegate the ownership of the security. Using Irretrievable, you are transferring that to your users, which in a lot of scenarios just store them in plain text in non secure places.

I think having the chance to retrieve the api keys gives a much better Developer Experience to your consumers.

[DataOverload]

Never thought of it that way, and honestly this is so correct. Some of my PATs are stored in Apple Notes because I need them every so often. I guess I could use something like 1Password to store them securely but it's just another transfer of ownership and trust.