How do I manage secrets in each environment?

Hashicorp Vault is the preferred way in Jenkins X to manage secrets. For example, the GitHub personal access token generated for the pipeline bot is stored in Vault. Read more about using Vault to manage your secrets with Jenkins X.

In addition, the Jenkins X team are big fans of Kubernetes External Secrets and are developing jx-secret, a small command line tool working with Kubernetes External Secrets.