This document discusses several approaches for securely managing secrets in deployments, including using a release orchestrator, ARM templates, accessing secrets directly from Key Vault, and accessing supported services directly. It recommends using a release orchestrator for existing situations, ARM templates to avoid duplicating secrets manually, and directly accessing Key Vault or supported services when possible to allow secrets to be automatically picked up on deployment and rolled more easily. Config builders are also presented as a way to handle secrets for local development and deployments.