Managing secrets in GitOps environments, particularly with Argo CD, involves various approaches, including the use of sealed secrets, the Argo CD Vault plugin, and the External Secret Operator (ESO). The ESO, a Kubernetes controller, simplifies the retrieval and conversion of secrets from providers like AWS, Azure, GCP, and Hashicorp Vault into plain Kubernetes secrets, making them accessible to applications without altering their code. This method eliminates the need to store secrets in Git, sidestepping the issue of storing authentication tokens by leveraging Kubernetes authentication, which allows ESO to use a Kubernetes service account to access Vault. This approach enhances security by avoiding hardcoded secrets and supports secret rotation and revocation without restarting applications, thus aligning well with GitOps principles. The process involves setting up ESO and Vault, configuring a SecretStore for authentication, and using ExternalSecret YAML files to manage secret templates, ensuring secure and efficient secret management in Kubernetes environments.