The local-first approach is definitely appealing not being locked into someone else’s ecosystem is a huge plus. One thing I’m wondering though: how are API keys and secrets actually handled in this setup? Is there any built-in encryption or secret management, or would I need to manage that all myself?