What's the optimal approach for managing secret rotation in multi-cloud environments?

We're expanding our infrastructure to span AWS and Azure, and the complexity of secret management is escalating. Currently, we're using individual cloud provider KMS solutions, but synchronizing rotation and access across both is becoming a headache. Are there any established patterns or third-party tools that simplify secret rotation and lifecycle management in a multi-cloud setup without introducing significant operational overhead? I'm particularly interested in solutions that handle automatic rotation for various secret types like API keys, database credentials, and certificates, while maintaining strong auditability.