Well, I guess in the purest possible sense you're correct.
However, I'm currently working with a group using Terraform on GCP (GKE), and it's popular with them to use Secret Manager to manually create a secret in there (when it cannot be auto-gen'd with the IaC, a fairly small subset of things) and then reference that secret from the infra-defining code.
I think of it as being akin to "this service requires a correctly configured FOO_BLAH variable in it's environment". I don't really see it as any failure of achieving some IaC goal, but defining infrastructure code isn't my primary function, so take this with a grain of salt.
However, I'm currently working with a group using Terraform on GCP (GKE), and it's popular with them to use Secret Manager to manually create a secret in there (when it cannot be auto-gen'd with the IaC, a fairly small subset of things) and then reference that secret from the infra-defining code.
I think of it as being akin to "this service requires a correctly configured FOO_BLAH variable in it's environment". I don't really see it as any failure of achieving some IaC goal, but defining infrastructure code isn't my primary function, so take this with a grain of salt.