by sqidyyy 1554 days ago
Thank you for this post. I agree and feel the struggle as well. Often the issue is even to communicate that this type of data is, literally, a _secret_ and should be treated accordingly.

I'm looking forward to things like mTLS and solutions with short token lifetimes and automated rotation. This should definitely reduce the amount of encrypted secrets in Git repos and basic auth logins for every 3rd exposed service.

In the end developers rarely care how the secrets get to the application, or if it's fresh or been in the same namespace for over a year.