secret-tool - like a vault that unlocks when a user logs in to their session. This shifts the problem to keeping the user’s login credentials secure but depending on your setup that might be preferable. Just be aware the once unlocked any process could access the vault in theory (I wish they’d add access controls…)
podman secrets - so you can securely provide secrets to containers. You can set these once securely then nothing except processes in the container can get them.