From the author of both of these features, here's the idea behind when you should use both:
- Use secrets for things which are actually secret like API keys, credentials, etc
- Use config map for not-secret configuration data
In the future there will likely be some differentiators for secrets like rotation or support for backing the secret API w/ HSMs, etc. In general we like intent-based APIs, and the intent is definitely different for secret data vs. plain old configs.