I generally understand
npub , nprofile, and nsec ... but if I'm not supposed to put my nsec into any client apps, how do I sign without putting my nsec into a client app?The Nostr Getting Started Docs seems confused themselves. On the same page, you'll find these two paragraphs:
To be able to construct the signature, clients will need your private key. Native apps will generally have a place where you can paste your private key when first opening them. From the private key they can derive your public key too.
and then later ...
Should I enter my private key in the client?Generally, it's better not to enter your private key into any client. Most clients that ask for private keys do their absolute best to keep your key secure but given the nature of software, there are always breaches, exploits, and bugs that could potentially expose your private key.Remember, your private key is your identity in Nostr, so if it is compromised you'll lose your followers and will have to start from scratch rebuilding your identity.