how do you manage secrets in distributed systems

Hey everyone, I've hit a bit of a snag with handling secrets (API keys, database passwords, you know the drill) in our microservices setup. We've played around with environment variables and even files pulled from a config server, but honestly, they both come with their own set of annoyances. Rotating secrets and controlling access? Big pain. So, what are you all doing to keep secrets safe and easy to manage when you've got, like, dozens of services running around, maybe across different clouds or Kubernetes clusters? Any patterns or tools that have really proven themselves in the trenches?