See [[Container secret mounts]]. * New field called "secret_mounts" which can container "json" or "text" type mounts. These are processed the same way as normal mounts. * Add support for "text" type mounts which are literal text which is written to file during setup (similar to "json" type, but unstructured.) * Ensure that contents of "secret_mounts" isn't logged (eg container.json) * Ensure that contents of "secret_mounts" isn't captured in output collection Note: for completeness, we should also have "secret_environment" and "secret_command" that are merged with the public environment and public command line respectively.