I’m deploying using Kubernetes. I want to put the kubeconfig file into my build, but as my repository is public, it would be a security risk. I’ve encrypted it using gpg, and it’s decrypted using a secret environment variable.
Is this safe?
This seems like the best approach. As an additional measure I would also make sure that your GPG key has a passphrase (and store that as an ENVAR as well).
Of course, I would also use a specific key for this project and not have it shared for any other purpose.