Drone supports aesgcm encryption of secrets stored in the database. You must enable encryption before any secrets are stored in the database.
Database encryption must be configured before the any secrets are added to the database.
Create an encryption key:
$ openssl rand -hex 16 0c549fd39ae397333761d2cb0c53c219
Provide the encryption key to the Drone server: