This thread https://redhat-internal.slack.com/archives/C05HGAR2DT5/p1716455608700939 describe an use-case that applies for the Orchestrator and for its software template.

Recently, we've changes the pipelines for creating a secret and mounting them to the pods for providing the credentials as system envs for the workflow's pods.

To make this experience better integrated with external tool, we'd like to explore the use of 
https://github.com/redhat-cop/vault-config-operator https://external-secrets.io/
 

Based on the slack's recommendation, the flow would be something like:

• a Software Template generates the manifests and push them to GitOps repo
• Argo applies it
• the Secret Management Operator creates the corresponding kube secrets