Comment by 9dev

Until you have to fire one of your disgruntled employees, who has a copy of all your secrets that you now need to rotate.

A repository that an attacker only needs to get access to once, after which they can perform offline attacks against at their leisure.

A repository that contains the history of changed values, possibly making the latter easier, if you used the same encryption secret for rotated values.

This is an awful idea. Use a proper secret management tool you need to authenticate to using OIDC or Passkeys, and load secrets at runtime within the process. Everything else is dangerous.