> what now?
Put the secrets in their own vault, use a service account to access them and then follow the same rules as sudo's grace period - dedicated terminal session, run only the commands that need to be privileged and exit the session as soon as you don't need it any more
I’m a solo dev. Service accounts are an enterprise feature.
I'm wrong again! See the rest of this thread.