Store your secrets in a private Gitea repo. This simple tool will fetch the secret using your Gitea API key.
This is absolutely not the safest way to store secrets. There is bazillion problems with it. I won't get into this. This is just a tool that will fit into my restricted setup. Use at your own risk.
$ npm install -g gitea-secret
$ gitea-secret -t TOKEN -h HOST -r REPO -k KEY -o FILE
mandatory To obtain this token, go to Gitea > Settings > Applications > Manage Access Tokens.
mandatory Host of your gitea server. Don't type in the protocol - it only allows for HTTPS.
Example: git.example.com.
mandatory Name of the repository (including the owner). Example: foo/bar.
mandatory Path to the file that contains the secret. Example: secrets/mySecret.
optional If this flag is specified, the secret will be written to a file (instead of output to STDOUT).