## Description Encrypt sensitive values in tow.yaml and config files, similar to ansible-vault. ## Proposed Solution - `tow vault encrypt config/prod/application.yml` - `tow vault decrypt config/prod/application.yml` - Auto-decrypt during deploy (password from env var or keyfile) - Encrypted files safe to commit to git ## Current Workaround \${VAR} expansion in config files already works for secrets in environment variables.