🔐 Secrets

Secrets stay in server-side environment, systemd units, Kubernetes secrets, or local ops files. Wiki pages cite source paths and keys, never secret values.

Rules

• Do not paste private tokens, database URLs, console passwords, or generated secrets into content.
• Client-safe config uses PUBLIC_* values only.
• TLS ingresses use the existing funday-tls-cert secret.
• Server-side keys stay server-side.

Source: funday/funday-codex.yml env, tls, and service sections.