Looking at the vault code, https://github.com/supabase/vault/blob/16f1570e0ff5d384897b9bc15b5183a45702e2ab/sql/supabase_vault--0.3.0.sql#L70, I asked myself why the secret is first inserted as unencrypted, only to be replaced by the encrypted value.
Is there a guarantee, the unencrypted value won't get synced to disk meanwhile?
Tilman Vogel questions the process in Supabase Vault where a secret is initially stored unencrypted before being replaced by an encrypted value. He seeks assurance that the unencrypted value is not synced to disk during this process.