This is a Mozilla thing. The general idea is that we can do encryption of the secret values locally, then commit them. Then the application can decrypt them and have the right secret. I like this, but it makes these weird giant payloads in your config files.