For secrets management, we are having success with
vault. These can then be set independently to staging or prod values.
We then load these into Dagster with
from dagster import EnvVar
Further to this, there is documentation
here on k8s secret management.