Another quick question for you fine folks. Can authentication secrets be embedded into a source.yml config file? Trying to plan out a workflow whereby we have lots of different creds to supply, and want to prevent having to add each as a unique secret variable, when we could GPG encrypt the content of the yml instead.
Generally, yes (though we don’t usually recommend embedding secrets), if the authentication option is part of the plugin’s configuration. However, in the Azure case, I think it’s not, because auth is done via environment variables.
Though since in the Azure case the secrets are not part of the config at all, maybe you can GPG encrypt a file with contents like
export EXAMPLE=value
and then run source variables.sh before running cloudquery sync? Then the config itself wouldn’t need to be encrypted.
Cool - thanks again @herman - that’s exactly how I’m doing it now - was just hoping perhaps I could get away with encrypting a single file instead of two. 
Why would you need to encrypt two files?
You could put any secrets you need into the encrypted file, and then use them like ${MY_VAR} inside the CQ config.
Ah, you’re right! I’m literally reading that example in the source doc right now! Awesome!