JaySync Lab

Secret Management

SOPS + Age encryption approach used across this repository.

This repository uses Mozilla SOPS and Age for GitOps-style secret management. No plaintext passwords or API keys are ever committed to version control.

How it Works

Files ending in .enc.yaml are encrypted. The values are scrambled, but the YAML keys remain readable, making code review easy without exposing sensitive data.

Encrypted secret files live under /secrets at the repository root — structurally separate from /docs, so the documentation site's build process never has a path to them, encrypted or not.

On this page