[Chore] Evaluate penguin-sal for secrets management

## User Story
As a maintainer, I want to evaluate penguin-sal for secrets management so that Elder can support external secrets backends (Vault, AWS, K8s Secrets) beyond plain environment variables.

## Background
Elder currently reads all secrets from environment variables (`DATABASE_URL`, `SECRET_KEY`, `JWT_SECRET_KEY`, etc.). This works for development and simple deployments but doesn't support:
- HashiCorp Vault
- AWS Secrets Manager
- GCP Secret Manager
- Kubernetes Secrets (dynamic)
- Secret rotation

`penguin-sal` (`pip install penguin-sal`) provides a PyDAL-inspired unified secrets API with 12+ backend drivers.

## Acceptance Criteria
- [ ] Evaluate penguin-sal v0.1.0 against Elder's secrets requirements
- [ ] Document which backends are relevant (Vault, K8s Secrets at minimum)
- [ ] If viable: integrate as optional secrets provider (env vars remain default)
- [ ] Existing env var configuration continues to work (backward compatible)
- [ ] Tests pass (unit + integration)
- [ ] Security scan passes

## Notes
- Low priority — env vars work fine for current deployments
- Most valuable for production Kubernetes deployments with Vault
- Should be opt-in, not mandatory (keep env vars as default)
- penguin-sal is v0.1.0 — evaluate stability before adopting

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Chore] Evaluate penguin-sal for secrets management #71

User Story

Background

Acceptance Criteria

Notes

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Chore] Evaluate penguin-sal for secrets management #71

Description

User Story

Background

Acceptance Criteria

Notes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions