k8s has a few ways to deal with secrets, like ConfigMaps but way more secure.

I'm getting a new Kubernetes cluster set up and need to figure out the best way to handle sensitive stuff, like API keys and database passwords. I've checked out ConfigMaps and Secrets, but I'm curious about the best ways to rotate them, control who can access them, and avoid accidentally showing them. What do you usually do or use for managing secrets in K8s?