Comment by lucyjojo
1 day ago
at that point keep them in there, quit using the "secrets in repo" strategy from now on and rotate all your secrets in your new vault.
you also have the option to cut a new repo. it's a small team, you don't have behemoth inertia.
(secrets in repo if your code is open-sourced is indeed not a good idea at any scale. it's also a bad idea if your secrets cannot be easily meaningfully rotated, like putting your social security number in a secret.)