see, the whole repo is accessible to the members of the team that are allowed to see the secret - basically the two folks that have root on the machine anyways. There's very limited use in encrypting the repo. There are no SSL keys or any secrets that would require tight security. It's basically our newrelic and some other api keys for reporting services. Even if that repo would be breached you could only start sending fake data to those services.
I'm more concerned about someone hacking the machine than someone hacking github to access the repo and retrieve the newrelic key from there.
I'm more concerned about someone hacking the machine than someone hacking github to access the repo and retrieve the newrelic key from there.