@schlink@octodon.social how secret? you probably have a sandbox api and production api so multiple secrets. I frequently use an envvar to select just the name of an environment, and load a plain-text config file base on the name. I guess your config file could be secured with pgp.