Secret management for the layman | Willy's blog
If you use nix, you can set up a development environment with all the dependencies needed. In my case, I use just and age for this.
You can also configure direnv, to load the nix dependencies, as soon as you cd into the directory. This has been a powerful new method in my development toolkit.
If working on an existing repository, then I should create a commit, push the changes to git and ask to a colleague to encrypt the secrets again (after doing a pull)
This command can either encrypt everything necessary or it can be split into multiple commands internally. It should encrypt with all the recipients present in recipients.txt.
That should generate a github.key, and it should populate the recipients.txt. You can upload the github.key as a secret and your pipelines are ready to use it!
Let's say we have a repository with our infrastructure. It has 2 folders, one with terraform code. And another with a docker-compose, which gets deployed to the server using docker-swarm.
