Run Docker containers on Nix OS, commit every line to GitHub, and still keep your API tokens private using Agenix and age.