You can do the same with GitLab as another option, it supports custom domains too.

In that case I’ll also mention that Powershell has a secure-string that allows you to load secrets from encrypted file/user input. I believe it’s secured by the user’s login/session like secret-tool. They are even remain encrypted in memory so they can’t be snooped on.

Two more options you might consider:

• secret-tool - like a vault that unlocks when a user logs in to their session. This shifts the problem to keeping the user’s login credentials secure but depending on your setup that might be preferable. Just be aware the once unlocked any process could access the vault in theory (I wish they’d add access controls…)
• podman secrets - so you can securely provide secrets to containers. You can set these once securely then nothing except processes in the container can get them.