How do you handle sensitive stuff, you know, like passwords and API keys, when your servers are only up for a short

were setting up some CI/CD pipelines that spin up and tear down environments for each PR. a big headache is how to securely inject secrets (like API keys and database credentials) into these short-lived containers. weve looked at things like HashiCorp Vault and external secrets operators, but the integration with dynamic, ephemeral infra feels complex. what are your go-to methods or patterns for handling secrets in these kinds of temporary environments without compromising security?