Currently I'm diving into secret management in the development process. My idea is to use a secret management tool like Vault by HashiCorp to store all my secrets.
Here is my use case: client created Vimeo API key, which will be stored in Vault. I work in a small team and I would like to share this secret with my colleague. During development, they needs to use this key so they set this key as an environment variable. Later they will be fired (for example).
The problem is that I can revoke access to this key in Vault, but they still have the value of Vimeo token because they used it during development.
How do you handle this?