how do you handle secrets management in kubernetes tho like managing sensitive info such as api keys or passwords its

Hey everyone, we're moving more of our infra into Kubernetes and are hitting the point where we need to manage sensitive information like API keys and database passwords securely. We've looked at Kubernetes Secrets, but I'm curious about best practices and other tools people are using. Are you sticking with native Secrets, using something like HashiCorp Vault, or a cloud provider's secret manager? What are the trade-offs you've found?