Your Secrets in Cloud-Based Key Management Services

10.29.2017 at LISA

San Francisco

Dan O'Boyle (Stack Overflow)

Do you encrypt secrets before committing them to a repository?
Are API keys and passwords stored in a local library any team member can decrypt?
Are you forced to re-encrypt all secrets anytime access has changed?
Stop doing those things! Cloud-based key management services (Google KMS, Azure Key Vault, Amazon KMS) provide encryption keys as a service. A KMS creates a centralized access control list. Using a KMS, you can centralize secrets, removing them from local libraries. Key rotation can be automated, often making a KMS more secure than local key management practices.