pub fn encrypt_secret_strings(
value: &mut Value,
store: &SecretStore,
) -> Result<()>Expand description
Walk a TOML tree and encrypt every string leaf whose terminal key
name appears in [secret_key_names]. Strings already in enc2: /
enc: form are left alone (idempotent). Arrays of strings under a
matching key (e.g. paired_tokens) are encrypted element-wise.
Works at every schema version because it operates on raw TOML
rather than a typed #[secret] index — only the set of key names
to encrypt comes from the typed schema; the walker itself doesn’t
care about types.