I’m migrating from Docker Swarm, where secrets were immutable and could not be updated. This made them a pain to deploy. Is that also the case with Kubernetes? Ideally I just want an idempotent apply script.
I’ve also read that Kubernetes secrets are just a minimum bar for security and that ideally you should use a dedicated secret store like Azure Key Vault or HashiCorp Vault, but you need a secret to access those services, so presumably that secret would be stored in a Kubernetes secret.
Finally, I’d also like to know whether it’s recommended to use Secrets exposed as volumes or environment variables.