Summary
Add native support for loading secrets from age-encrypted files, in both the DSL and the runtime, to provide a simple, secure, and cloud-agnostic secret management solution.
Proposed DSL Syntax
env {
  DATABASE_URL {
    from = "age"
    file = "secrets.env.age"
    keyfile = "/etc/rezn/rezn.agekey"
    format = "dotenv"
  }
}
Implementation Plan
[ ] Add age = "0.11" to Cargo.toml
[ ] Parse and decrypt age-encrypted .env.age files at runtime using the age crate
[ ] Support:
    X25519 keys (.agekey)
    dotenv format for multi-var
[ ] Inject decrypted values into start_container() environment map