I beg to disagree with you on the fact that it’s overkill. Quite to the contrary.
I relation to better secrets management topic
My bone of contention was in relation to these credentials arr exposed on the code of all Nethserver apps github pages.
Wouldn’t it be better to just have a defined {nethSecrets.environmentName} for all defined credential secrets on Nethserver apps.
Then using automatically generated secrets, these are passed to the app.
While it’s already possible to auto-generate etc,
The user, for cases like database login for some apps, the user is still required to be aware of what the said secret is.
In relation to load balancing and secrets rotation, the more reason why it would be necessary. Especially the load balancing bit.
As with regards to secrets rotation, now that’s the overkill part.