Add .kamal/secrets on kamal init

lib/kamal/cli/main.rb

@@ -148,9 +148,16 @@ class Kamal::Cli::Main < Kamal::Cli::Base
       puts "Created configuration file in config/deploy.yml"
     end
 
-    unless (deploy_file = Pathname.new(File.expand_path(".env"))).exist?
-      FileUtils.cp_r Pathname.new(File.expand_path("templates/template.env", __dir__)), deploy_file
-      puts "Created .env file"
+    unless (secrets_file = Pathname.new(File.expand_path(".kamal/secrets"))).exist?
+      FileUtils.mkdir_p secrets_file.dirname
+      FileUtils.cp_r Pathname.new(File.expand_path("templates/secrets", __dir__)), secrets_file
+      puts "Created .kamal/secrets file"
+
+      gitignore = Pathname.new(File.expand_path(".gitignore"))
+      if gitignore.exist? && !gitignore.read.include?(".kamal/secrets")
+        gitignore.open("a") { |f| f.puts "\n.kamal/secrets*" }
+        puts "Added .kamal/secrets* to .gitignore"
+      end
     end
 
     unless (hooks_dir = Pathname.new(File.expand_path(".kamal/hooks"))).exist?

lib/kamal/cli/templates/secrets

@@ -0,0 +1,6 @@
+# SECRETS=$(kamal secrets --adapter 1password --from Vault/Item Section1/KAMAL_REGISTRY_PASSWORD Section2/RAILS_MASTER_KEY)
+# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD ${SECRETS})
+# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract RAILS_MASTER_KEY ${SECRETS})
+
+KAMAL_REGISTRY_PASSWORD=change-this
+RAILS_MASTER_KEY=another-env

lib/kamal/cli/templates/template.env

@@ -1,2 +0,0 @@
-KAMAL_REGISTRY_PASSWORD=change-this
-RAILS_MASTER_KEY=another-env