by ComputerGuru 1061 days ago
You can include encrypted secrets and deploy the key out-of-band (e.g. just copy the private key with scp). This is much more secure than env variables, which are prone to leakage. Our open source solution for this (cross-platform, cross-language): https://neosmart.net/blog/securestore-open-secrets-format/

It supports embedding the encrypted secrets in the binary or loading them from a file. The secrets would actually be stored (encrypted) alongside the code, even versioned in git.

E.g. this is the Rust version on GitHub: https://github.com/neosmart/securestore-rs/tree/master

1 comments

Hey! Your Rust (and C# I guess) secrets library looks super cool. I'm going to look at using this in my next project. Thanks for sharing it.
Thanks for the words of gratitude, kind stranger! Glad to have potentially written something of some value to you.