Storing application secrets in Vault for use in a Spinnaker pipeline.

Application secrets should not be passed through Spinnaker or any other deployment tool; this is not safe from a security standpoint. If the tool is breached, every application secret that was ever passed through the pipeline is exposed, and because deployment tools keep execution history and pipeline parameters, the exposure is not limited to whatever happens to be in flight at the time. The only things that should ever pass through a deployment tool are the location of, or a reference to, the secret (a Vault path, an AWS Secrets Manager name, and so on), never the secret value itself.

The best practice for application secrets is for the application to fetch the secret itself during startup, authenticating to the secret store with an identity the platform already gives it (for example a Kubernetes service account token or a cloud instance role) rather than with a credential handed to it by the pipeline. For VMs this happens during VM bootstrap or the application startup process. For Kubernetes you would usually do this with an init container, a sidecar, or both: the init container fetches the secret before the application container starts, and the sidecar keeps it refreshed so that short-lived or rotated secrets can be renewed without restarting the pod.

For Vault, here are some resources on how to get this working for Kubernetes:

https://www.hashicorp.com/blog/injecting-vault-secrets-into-kubernetes-pods-via-a-sidecar/
https://banzaicloud.com/blog/inject-secrets-into-pods-vault-revisited/
https://itnext.io/dynamic-vault-secrets-agent-sidecar-on-kubernetes-cc0ce3e54a94

For AWS Secrets Manager and Vault, see the following:

https://www.godaddy.com/engineering/2019/04/16/kubernetes-external-secrets/
https://github.com/godaddy/kubernetes-external-secrets
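As an added example (it is not code from the original post, from Spinnaker, or from HashiCorp), here is a Kubernetes Deployment manifest that applies the pattern above using the Vault Agent Injector, which is the mechanism the first Vault link describes. The only secret-related value the pipeline has to carry is the Vault path in the annotation; the pod authenticates to Vault with its own service account token and reads the rendered secret from a file at startup. The Vault role "payments", the service account "payments", the KV v2 path secret/data/payments/db with "username" and "password" keys, the image name and the environment variable name are all assumptions made for the example.

```yaml
# Added example, not from the original post, Spinnaker or HashiCorp.
# Assumptions: the Vault Agent Injector webhook is installed in the cluster,
# Vault's Kubernetes auth method has a role "payments" bound to the "payments"
# service account in this namespace, and a KV v2 secret exists at
# secret/payments/db with "username" and "password" keys. All names are
# hypothetical.
#
# Anti-pattern this replaces: a pipeline parameter such as
#   env:
#     - name: DB_PASSWORD
#       value: "${ parameters.dbPassword }"
# puts the secret value into Spinnaker's execution history and the rendered
# manifest. Below, only the PATH to the secret appears in the manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments
spec:
  replicas: 1
  selector:
    matchLabels:
      app: payments
  template:
    metadata:
      labels:
        app: payments
      annotations:
        # Ask the injector to add Vault Agent to this pod.
        vault.hashicorp.com/agent-inject: "true"
        # Vault role the pod's service account token is exchanged for.
        vault.hashicorp.com/role: "payments"
        # Reference only: the Vault API path of the secret. Vault Agent writes
        # the rendered result to /vault/secrets/db-creds inside the pod.
        vault.hashicorp.com/agent-inject-secret-db-creds: "secret/data/payments/db"
        # Render the secret as KEY=VALUE lines the application can parse.
        vault.hashicorp.com/agent-inject-template-db-creds: |
          {{- with secret "secret/data/payments/db" -}}
          DB_USERNAME={{ .Data.data.username }}
          DB_PASSWORD={{ .Data.data.password }}
          {{- end }}
        # Init container only: fetch once before the app starts, no sidecar.
        # Remove this annotation to keep the sidecar, which re-renders the file
        # when a dynamic or rotated secret changes.
        vault.hashicorp.com/agent-pre-populate-only: "true"
    spec:
      # The identity the pod presents to Vault; nothing secret is in the manifest
      # and nothing secret is supplied by the pipeline.
      serviceAccountName: payments
      containers:
        - name: payments
          image: example.invalid/payments:1.0.0
          # The application reads this file during startup instead of
          # receiving the credentials from the deployment tool.
          env:
            - name: DB_CREDENTIALS_FILE
              value: /vault/secrets/db-creds
```

In a Spinnaker pipeline the only value worth templating into this manifest is the secret path (for example, per environment), and access to it is governed by the Vault policy attached to the "payments" role, not by who can edit the pipeline. Have the application read the file directly rather than copying its contents into environment variables from a wrapper script, since environment variables are visible to other processes in the container and tend to end up in crash dumps and logs.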