"GitHub also has its own Secrets API"
Okay. For the past two decades I have been working with RSA encryption and I have repeatedly been told that knowing how encryption works does not mean you know how to decrypt a specific set of data.
Despite the NSA, I do still hold that to be true, so, instead of everybody creating their own Secrets API, I think the community would be better served by an official, open-source Specrets API. One that even the NSA can't break into.
Sorry, I'm not intelligent enough to write it myself - not to mention that it needs community adoption - but I'm guesssing that until we do have such a globally-accepting, publicly-reviewed tool in place, all we're going to get is different solutions who all base their efficiency on the words "highly unlikely".
And that is not enough.