how do you handle secrets management in kubernetes, like, do you use something specific or just the built-in stuff

setting up a new microservices architecture on Kubernetes and I'm trying to figure out the best way to manage sensitive information like API keys and database passwords. Should we stick with Kubernetes Secrets, or is there a better external solution like HashiCorp Vault or something else? What are the pros and cons you've seen in production