This rabbit hole of a task lead me to:
- Introduce a hardcoded secret module that is a secret provider
for tests.
- Update LDAP and SSO modules to use the secret contract.
- Refactor the replaceSecrets library function to correctly fail
when a secret file could not be read.
This makes the secret contract better (IMNSHO):
- Improves documentation, explains better the reasoning behind the
contract.
- Makes it easier to create an option implementing the secret contract.