Managing certificates in K8 cluster

What is the common way to manage certificates in a cluster (for app-to-app authentication)?
Put them in multiple secrets?