In order to make secrets more secure, they need to be moved from repo or org-wide scope to environment scope. This is currently not supported by otterdog. While it supports environments, it does not support environment variables and environment secrets.