Here at Compellotech we are using Octopus to automate all of our deployments for several years now. Recently we started to accommodate Infrastructure as Code (IAC) approach to simplify environments management. It allows us to spin new environments right from Octopus dashboard.
We are using Azure Key Vault to store secret data (such as SSL Certificates).
And I just came across an interesting alternative git-crypt. It looks very convenient.
git-crypt enables transparent encryption and decryption of files in a git repository. Files which you choose to protect are encrypted when committed, and decrypted when checked out.