GitOps is a set of best practices that extend Infrastructure As Code (IAC) by using Git as the source of truth for Kubernetes configuration, driving tools like Argo CD, Flux, and the Codefresh deployment platform. A key challenge in adopting GitOps in Kubernetes environments is secret management, as traditional practices keep secrets in external systems such as Hashicorp Vault, conflicting with GitOps' principle of storing everything in Git. This article explores how to inject secrets from AWS Secrets Manager into Codefresh/Argo CD applications using the Argo CD Vault Plugin, which allows fetching secrets from various backends including AWS Secrets Manager. The process involves installing the Vault plugin in a Codefresh runtime, modifying configuration files, and linking Kubernetes secrets with AWS secrets, ensuring they are dynamically updated without being hardcoded in Git. While Argo CD doesn’t automatically update secrets from AWS, solutions like cron jobs can refresh them regularly. The article emphasizes that the described setup is durable through Codefresh runtime updates and highlights alternative methods for secret management, such as the External Secret Operator, which can autonomously refresh secrets.