The entire Kubernetes secret space is a bit immature with no standard solutions. Many of the larger solutions are vendor specific and don't solve the problem in a generic way, see AWS[1] or Vault[2][3].
I've been discussing the problem-space with the Godaddy External Secret maintainers and they seem a bit burnt-out. There is work on standardization here
https://github.com/godaddy/kubernetes-external-secrets/pull/..., but this more covers creating Kubernetes Secrets from external sources, work still remains around a generic pod injector solution.