Secrets management

kubegrade should avoid collecting or storing secret values unless strictly required recommended approach use kubernetes secrets only for agent/integration credentials where necessary prefer external secret managers and short lived credentials scope credentials per workspace/project/integration encrypt secrets at rest redact secrets from logs/ui/audit exports documentation should specify where secrets live (saas/on prem/hybrid differences) rotation procedures revocation procedures how to re authenticate integrations without downtime