What is the common way to manage certificates in a cluster (for app-to-app authentication)? Put them in multiple secrets?