When it comes to secrets in Kubernetes, I like to keep things simple, but secure.

hey everyone, i'm looking for some ideas on how teams manage sensitive stuff like API keys, passwords, and certificates in Kubernetes. besides the basic Secrets object, what ways and tools are you guys using that actually work for keeping things safe, rotating them, and controlling who can access them? do you have certain ways you do things for different setups, like dev, staging, or prod? i'm really interested in hearing about what you've actually done and what works best.