Comment 1 for bug 1447935

I've pushed a quick fix, restricting perms to 0600

A better solution might be to not pass the data in the relation at all, and rather pass a path to a file with the data in.

That way, the secrets are never seen by juju or conn-check, and it's easier for the charm to define secrets paths for the confined-role subordinate. Plus, passing yaml-as-a-string in a relation is a bit icky.