(no title)

If you have a team of 2-3 people, where everyone has access to everything anyway, and the secrets can't be used from outside the company (i.e. you need access to servers in the first place to authenticate with whatever service is configured), then it's one thing. It's bad, but it sure beats 'let's really carefully update it on all machines manually'.

I just really, really don't like blanket statements such as 'you shouldn't do that, full stop, context is irrelevant'.