In addition to the current secret types (files and SSH/PGP keys), I would like to be able to add environment variables.
Currently, I'm putting values in a file and adding the following commands to all tasks, but this isn't very wieldy when there are many tasks in a manifest:
set +x . ~/.buildsecrets set -x
For me, I usually use an secret management CLi (e.g. Doppler, HashiCorp Vault) and drop an init script or an prepared config for these as secret as workaround.