Fetching keys can take some time and it could be useful to do it only when we want to update keys, or fetch them the first time.

Setting secrets can be done on multiple repositories in multiple commands, and it would be useful to have it as a separate command.

Doing this requires deciding on a way to store the data, which may not be obvious given the sensitivity.
We could provide several options:

• [windows-only] set secrets as environment variables in the local system
• set secrets in a plain text file (at a given path), maybe by default under ~/.ghsecrets
• if possible, store it in the system-dependent credential manager / key ring (is there a java API for this?)