Is there a meaningfully useful version of automatically write to an encrypted disk / RAM that could be used with a random cloud instance? Obviously the decryption key would be in RAM somewhere but as a short term best practice it might be somewhat useful
That specialized. I think on GH at least the runner you get is random and opaque to you? For encryption you could add a user-script to the ghost config, it supports that.