Document the SOPS setup for encrypting secrets in repo

Problem

#200 introduced the need to store secrets in git. We used SOPS with hashicorp vault to implement it. This fact and the required workflows are undocumented yet.

TODO: WHY do we need this?

Goal

Document how the SOPS setup works.

ACs

The infra repo contains docs about the used setup to store encrypted secrets in repo and guidance how to use it

Notes/ resources

cf. https://matrix.to/#/!ethZaECJGUnNhVlNKA:element.io/$sQAc6Uq9fyAHwkYscLXWn1zmcTjere0Cw554fMpxzW4?via=element.io&via=matrix.org&via=nordeck.io ff.

Hashicorp vault is not open-source any more. Is this okay for us? What are the implications thereof?

There is a vault deployed at https://vault.infra.dev.neo.fitko.dev/ui

Who needs to be involved / informed

reviewers:
involved: team::infra-and-ops, Yan, Ben?
informed:

Edited Nov 18, 2025 by Marco Holz