How would you design a secure workflow for managing secrets across services and environments at Cisco?