Post
Secrets at Rest: SOPS + age for Docker Compose Homelabs
SOPS encrypts .env files in place, git tracks the encrypted versions, and sops exec-file decrypts them into memory at deploy time. Plaintext never touches disk.
Security
2 items tagged Security.
Notes & Projects
Post
The agent reads your .env. So does the prompt cache.
I built drape because the obvious fixes — don't have .env in the repo, use a vault, gitignore harder — don't help when the agent is the thing doing the reading.