  1. OpenShift GitOps
  2. GITOPS-2111

Add first-class support for secrets management

    • Type: Epic
    • Resolution: Done
    • Priority: Major
    • Support for secrets managers

      Context

      • We get frequent questions about how to do secrets management with the GitOps operator
      • The ArgoCD Vault plugin is very popular, but when our customers run into any issues using it there is a gap in support between HashiCorp and Red Hat - neither is willing to help when something goes wrong
      • Other teams and operators are evaluating External Secrets as a way to support multiple secrets managers
      • The Secrets Store CSI driver is often discussed alongside External Secrets and should be evaluated as well

      Description

      Let's explore adding some variety of first-class support for either a pluggable secrets manager integration or, if that's not possible, HashiCorp Vault specifically.

      Questions:

      • What is involved in integrating with the External Secrets operator?
      • How does the CSI driver compare, both feature-wise and in integration complexity?
      • Would we want to adopt the existing Vault plugin?
      • Are there already plans upstream to incorporate something for secrets management into core?

      Acceptance criteria

      • An admin can connect their ArgoCD instance to a secrets manager without needing to install an additional plugin
      • Secrets can be retrieved from a secrets manager and injected into the specified resource

            yicai@redhat.com Yi Cai
            halawren@redhat.com Harriet Lawrence