What’s your take on encrypting environment variables on servers? Where do you store the private key and how do you ensure it doesn’t leak just like environment variables would?
I see that https://github.com/MightyMoud/sidekick is using SOPS, for example.