Looks like their secrets feature pops you out to an external site where you have to authenticate separately, and the secrets are entered there, and stored for later use. Check out their video, seems they thought it all through
Thanks, we've tried to re-think DevOps from a Slack first point of view and this was a major consideration so I'm glad to see you recognize it but we've still got a long way to go and we're very open to feedback too!
