I’ve never seen anyone describe Vault as easy to use or ergonomic. That goes for just about any secret management platform out there, actually. The old adage about security being inversely proportional to convenience rings true, although it seems that the curve is exponential, with disproportionate effort required to get even a slight increase in security.
DevOps best practices, by and large, stem from the 12 Factors. Secrets are defined as environment variables in a configuration file somewhere and then injected at runtime by some platform. Whether that be AWS, GCE, or whatever, they all have various shortcomings.