nostr:npub18994crjwnldrukwym5lz3y2nae84s84v20m2rkngtjnyg549lr6qvxmd6m I now have an apparmor profile I can deploy for all my containers that closes this exploit. Nothing will be able to read it.

This should probably be documented on your github as a stopgap solution until better secrets deployment capabilities / tooling are available