secrets management, inject or mount tho

hey everyone, i'm wrestling with secrets management in our containerized environment. we're currently injecting secrets as environment variables, but i'm starting to think about the security implications and the overhead of re-deploying pods when secrets change. mounting secrets as files seems like a more secure alternative, especially with tools like hashicorp vault or kubernetes secrets. what are your experiences with these approaches? do you have a preferred method, or have you found specific scenarios where one is clearly better than the other