* infra backend * infra vars * general envs this way, secrets are only ever stored on the system (including the nix store) in an encrypted form in ${XDG_RUNTIME_DIR}.
