Have you managed secrets in a secret manager? Do you have any dedicated infrastructure for that?

Yes, I have managed secrets using several secret managers across different projects. In one recent role, I set up a HashiCorp Vault cluster on Kubernetes, configuring the Vault operator for dynamic scaling and high availability. I defined policies that granted read access only to specific namespaces and services, and I integrated Vault with the CI/CD pipeline so that build jobs could fetch secrets via the Vault Agent Injector. For another project, I used AWS Secrets Manager to store database credentials and API keys, leveraging IAM roles for service accounts to retrieve secrets at runtime. I also implemented automated rotation using Lambda functions and scheduled CloudWatch events. In both cases, the infrastructure was dedicated: Vault ran on a separate VPC subnet with strict network policies, while Secrets Manager was accessed through VPC endpoints to avoid internet exposure. These setups ensured that secrets were centrally managed, auditable, and rotated regularly, aligning with security best practices and compliance requirements.