By Samson Tanimawo, PhD
Published Dec 22, 2025
4 min read
secrets.yaml Pattern Considered Harmful
Why a single secrets.yaml file is dangerous.
Problem
A single file is easy to commit by accident. Rotating one secret means editing and redeploying the whole file, which disturbs every other secret in it.
If the file is deleted, every secret goes with it.
Better
Store each secret as its own entry in Vault or AWS Secrets Manager.
Access can then be granted per secret, and each secret can be rotated on its own.
Migrate
Audit the existing secrets.yaml: inventory every key it holds, then move each one into the managed store as a separate entry.
A one-time effort with an ongoing payoff.
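The audit-and-migrate step above, worked through as an added example that is not part of the original post. It assumes a secrets.yaml that is a simple nested mapping of scalar strings with two-space indentation (no lists, anchors or multi-line scalars), and it stands in for the managed store with an in-memory class that keeps one versioned entry per secret; a real migration would call the store's own API in its place (for example boto3's `create_secret(Name=..., SecretString=...)` or hvac's `client.secrets.kv.v2.create_or_update_secret(path=..., secret=...)`). The sample file contents, paths and values are constructed.

```python
"""Audit a monolithic secrets.yaml and migrate it to per-secret entries.

Added example, not the post's own code. Assumes a YAML subset (nested
'key: value' mappings, two-space indentation, scalar strings only) and an
in-memory stand-in for Vault / AWS Secrets Manager.
"""
from typing import Dict, List, Tuple

# Constructed sample: the kind of single file the post warns about.
SAMPLE_SECRETS_YAML = """\
# application secrets (constructed example)
db:
  password: "p4ssw0rd"
  host: db.internal
stripe:
  api_key: sk_live_constructed_example
smtp:
  password: ""
"""


def parse_simple_yaml(text: str) -> Dict:
    """Parse nested 'key: value' mappings; 'key:' alone opens a sub-mapping.
    Comment lines and blank lines are skipped. Only the first ':' splits the
    line, so values containing ':' (URLs, DSNs) survive intact."""
    root: Dict = {}
    stack: List[Tuple[int, Dict]] = [(-1, root)]  # (indent, mapping at that level)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, rest = raw.strip().partition(":")
        rest = rest.strip()
        while stack[-1][0] >= indent:  # climb back out of deeper mappings
            stack.pop()
        parent = stack[-1][1]
        if rest == "":
            child: Dict = {}
            parent[key.strip()] = child
            stack.append((indent, child))
        else:
            parent[key.strip()] = rest.strip('"').strip("'")
    return root


def flatten(mapping: Dict, prefix: str = "") -> Dict[str, str]:
    """Turn nested keys into slash-separated paths: db/password, stripe/api_key."""
    out: Dict[str, str] = {}
    for key, value in mapping.items():
        path = f"{prefix}/{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def mask(value: str) -> str:
    """Show only the first and last two characters so the audit log itself
    never becomes a second copy of the secrets."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def audit(text: str) -> List[Tuple[str, str, List[str]]]:
    """Inventory every secret as (path, masked value, findings)."""
    report = []
    for path, value in flatten(parse_simple_yaml(text)).items():
        findings = []
        if value == "":
            findings.append("empty value")
        if value.lower() in {"changeme", "password", "secret"}:
            findings.append("placeholder value")
        report.append((path, mask(value), findings))
    return report


class InMemoryStore:
    """Stand-in for a managed store: one entry per secret, each with its own
    version history, so rotating one secret touches exactly one entry."""

    def __init__(self) -> None:
        self.entries: Dict[str, List[str]] = {}

    def put(self, path: str, value: str) -> int:
        versions = self.entries.setdefault(path, [])
        versions.append(value)
        return len(versions)  # version number just written

    def current(self, path: str) -> str:
        return self.entries[path][-1]


def migrate(text: str, store: InMemoryStore, prefix: str = "app") -> List[str]:
    """Write every secret from the file into the store as its own entry."""
    written = []
    for path, value in flatten(parse_simple_yaml(text)).items():
        full = f"{prefix}/{path}"
        store.put(full, value)
        written.append(full)
    return written


if __name__ == "__main__":
    for path, masked, findings in audit(SAMPLE_SECRETS_YAML):
        print(f"{path:20} {masked:30} {', '.join(findings) or 'ok'}")
    store = InMemoryStore()
    print(migrate(SAMPLE_SECRETS_YAML, store))
    # Rotating one secret bumps only that entry's version; the rest are untouched.
    print(store.put("app/db/password", "n3w-p4ssw0rd"))
```

The audit prints masked values on purpose: the inventory is the one artefact of this process that tends to get pasted into tickets and chat, and it should not reproduce the file it is retiring. Once every path has been written, the original secrets.yaml can be deleted and its consumers pointed at the individual entries.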