Investigate secrets handling
Possible options are:
- For password: hashes
- The webpage generates a key pair (and stores it in the local storage) and the client encrypts secret_credentials using the public key (is this possible)
- Once the webpage local storage is cleared (or the user switches the browser) the user can't access the secret_credential anymore. The user can request a redeployment, which will reencrypt the credentials
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information