fix: feat: consolidate secret stores — single granular secrets/*.enc, deprecate .env.vault.enc (#777)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 18:35:03 +00:00 · 2026-04-15 18:35:03 +00:00 · 88676e65ae
commit 88676e65ae
parent a87dcdf40b
14 changed files with 254 additions and 130 deletions
--- a/action-vault/vault-env.sh
+++ b/action-vault/vault-env.sh
@ -28,7 +28,7 @@ fi
 # VAULT ACTION VALIDATION
 # =============================================================================

-# Allowed secret names - must match keys in .env.vault.enc
+# Allowed secret names - must match files in secrets/<NAME>.enc
 VAULT_ALLOWED_SECRETS="CLAWHUB_TOKEN GITHUB_TOKEN CODEBERG_TOKEN DEPLOY_KEY NPM_TOKEN DOCKER_HUB_TOKEN"

 # Allowed mount aliases — well-known file-based credential directories