add support for vals (#11)

docs/content/examples/secrets/_index.md

@@ -1,11 +1,5 @@
-Secrets management requires some extra care as we want to prevent values from
-ending up in the, world-readable, nix store.
+We support runtime secret (or config) value loading with [vals](https://github.com/variantdev/vals). A minimal example, using the file provider, might look like
 
-{{< hint "warning" >}}
-**WARNING**
+{{< source "default.nix" >}}
 
-The kubenix secrets story is incomplete. Do not trust it -- it has not been tested.
-{{< /hint >}}
-
-The easiest approach is to avoid writing to the store altogether with `nix eval` instead of `nix build`.
-This isn't a long-term device and we'll explore integrations with other tools soon(TM).
+The creation of `/path/to/secret` is out of scope but we recommend checking out one of [the many nix secrets management tools](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes).

docs/content/examples/secrets/default.nix

@@ -0,0 +1,9 @@
+{kubenix ? import ../../../..}:
+kubenix.evalModules.x86_64-linux {
+  module = {kubenix, ...}: {
+    imports = with kubenix; [k8s];
+    kubernetes.resources.secrets.example.stringData = {
+      password = "ref+file:///path/to/secret";
+    };
+  };
+}