beanflows

Author	SHA1	Message	Date
Deeman	a79c1cec7b	chore: remove LANDING_DIR from secrets (deployment path, not a secret) Some checks failed CI / test-cli (push) Failing after 11s Details CI / test-sqlmesh (push) Failing after 8s Details CI / test-web (push) Successful in 14s Details CI / tag (push) Has been skipped Details	2026-02-28 23:43:05 +01:00
Deeman	5e22f2e1ae	update secrets	2026-02-27 13:30:53 +01:00
Deeman	7d3263a39c	chore: add server age key	2026-02-27 07:37:36 +01:00
Deeman	fd164ca66a	chore: add server age key	2026-02-27 07:31:56 +01:00
Deeman	9d0e6843f4	feat(secrets): add SOPS+age secret management infrastructure - .sops.yaml: creation rules matching .env.{dev,prod}.sops (dotenv format) - .env.dev.sops: encrypted dev defaults (blank API keys, local paths) - .env.prod.sops: encrypted prod template (placeholder values to fill in) - Makefile: root Makefile with secrets-decrypt-dev/prod, secrets-edit-dev/prod, css-build/watch - .gitignore: add age-key.txt Dev workflow: make secrets-decrypt-dev → .env (repo root) → web app picks it up. Server: deploy.sh will auto-decrypt .env.prod.sops on each deploy. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 10:36:14 +01:00