You can also configure pinentry-curses of pinentry-tty and use the same setup without X11 forwarding. This also works with neovim!

Hashicorp Vault + Vault Config Operator + external-secrets. I have a simple chart that can add credentials to different apps which mostly gets used in argocd with its multichart functionality. A simple bash script to create the vault policies, which use the k8s back end to allow auth.

This with the matrix integration works great for me.