SECURITY SERIES · 01·3 min read
The first secret is the one you can't commit
Secrets management has a bootstrap paradox: the credential that pulls every other secret can't itself live in git. Here's how a homelab fleet breaks the cycle — zero plaintext secrets in any repo, and a clean rule for which is the one exception.
- security
- gitops
- secrets
- kubernetes
- external-secrets