How are you managing secrets?

What are people using to manage secrets, such as database passwords, license keys, etc.?

Do you restrict access to these secrets to certain pods? Do you rotate them?

Solutions I’ve seen (but not tried at this stage) include:

But what do you use? How hard was it to set up? Would you use it again, now?