What's the best way to use secrets (API keys, etc) in PAWS? Are .env files published in the public space? Is terminal input logged?
Topic on Talk:PAWS/Flow
Best way is to not do it.
PAWS admins, Toolforge roots and Cloud Service roots will have access to everything in PAWS if they try.
You can use unix file permissions to deny read from other toolforge users and the paws-public endpoint. Just make the file readable only to the user and it will be "private" to a dozen or so people.