seasketch / next

A modernization version of the SeaSketch platform, released in 2022.
https://seasketch.org
BSD 3-Clause "New" or "Revised" License

Modernize the way SeaSketch handles "secrets" #672

Status: Closed (underbluewaters closed this 7 months ago)

underbluewaters commented 7 months ago

Right now SeaSketch leans on environment variables for configuration. Locally, dotenv files are used in development to manage that configuration, and in production I'm relying on GitHub Actions to access GitHub-managed secrets via their environments. This works okay but has a few shortcomings:

  1. Setting up a new dev machine is a pain. It would be nice if there were default templates that could be accessed somewhere in the repo, and if sets of secrets could be securely shared with our team.
  2. There are so many secrets now, it would be great to have better documentation somewhere.
  3. Secrets should be validated on startup.
  4. GitHub environments are difficult to debug since they are inaccessible once provided. There's no way to view the entire production configuration.

I've heard there are more modern approaches to configuration management but I need to do some homework to figure out what that would look like.

underbluewaters commented 7 months ago

I ended up doing something a bit more pragmatic, simply referencing a 1Password vault in .env.template files and documenting the process in ENV.md.
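As an added example (not SeaSketch's own code), here is how item 3 above, validating secrets on startup, can be driven from the .env.template approach the issue settled on. It assumes the template lists secrets as 1Password CLI references in the `op://vault/item/field` form and that real values only ever reach the process through the environment; the template text is a constructed sample.

```javascript
// Constructed sample .env.template: secrets are 1Password references (assumption:
// that is the template's convention), non-secrets carry a default, blank = optional.
const SAMPLE_TEMPLATE = `# constructed sample .env.template
DATABASE_URL=op://SeaSketch/postgres/connection_url
JWT_SECRET=op://SeaSketch/jwt/secret
# optional: leave blank to disable mail
SMTP_PASSWORD=
PUBLIC_HOSTNAME=localhost
`;

// Parse a dotenv-style template into a spec of expected variables.
// "op://" values are required secrets; a non-empty plain value is a default for a
// non-secret setting; an empty value marks the variable optional.
function parseTemplate(text) {
  const spec = {};
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    if (value.startsWith("op://")) {
      spec[key] = { required: true, secret: true, reference: value };
    } else if (value === "") {
      spec[key] = { required: false, secret: false };
    } else {
      spec[key] = { required: false, secret: false, default: value };
    }
  }
  return spec;
}

// Check an environment object (e.g. process.env) against the spec and return a
// list of problems. Messages name only the key, never the value, so the report
// is safe to log. A literal "op://" value left in the environment means the
// 1Password injection step was skipped; that is reported separately from a
// missing variable because the fix is different.
function validateEnv(spec, env) {
  const problems = [];
  for (const [key, rule] of Object.entries(spec)) {
    const value = env[key];
    if (value === undefined || value === "") {
      if (rule.required) problems.push(`${key}: required secret is missing`);
      continue;
    }
    if (rule.secret && value.startsWith("op://")) {
      problems.push(`${key}: holds an unresolved 1Password reference`);
    }
  }
  return problems;
}
```

At startup, call `validateEnv(parseTemplate(templateText), process.env)` before the server binds and exit non-zero if the returned list is non-empty.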