how do u handle secrets management in cloud deployments tho

Hey everyone, I've been thinking about best practices for managing sensitive information like API keys, database passwords, and certificates in cloud environments. Storing them directly in code or config files feels risky. What strategies and tools are you using to securely inject secrets into your applications, especially when dealing with containerized services or serverless functions? Looking for real-world approaches and any pitfalls to avoid.