Stav dette: Towards Risk-Based Secret Management in Software Artifacts