Better credential handling #2
Description
For the 2023 overhaul I've focused on just making things work, while trying to get away from having secrets in plaintext Git necessitating that our infra repo remained private. Initially we might just share the few secrets individually and create Kubernetes secrets from a local workspace with the secrets pasted in but not committed. There are options within Argo and Helm to make this a little more friendly, and also an Argo plugin for outright integration with Vault - although with the current open source drama brewing over a license change Hashicorp pushed on some of their projects that might be a thing to think twice about or reach for a true open source fork at some point. In the meantime the secrets may just live in heads or perhaps variables defined on GitHub that only admins can get to.