Deployments: support pulling encrypted credentials from key store repository

[joshpencheon]

In our current NDR-model deployment approach, credentials.yml.enc (and other YAML files using the Rails Encrypted mechanisms) are preloaded onto servers out-of-band from deployments, and symlinked into releases. If they need to be updated, there are a number of hoops to jump through due to read-only filesystems.

Ideally, capistrano would be able to be configured to search the key store repository for matching file(s), and deploy them to the server; both as part of a standard deployment, as well as via a standalone task (e.g. for key rotations).

[joshpencheon]

@bshand: we'd talked previously about potentially supporting a directory structure with some sort of mirroring or significance - have you got any thoughts on that, or any others generally?