You are technically correct, the best kind of correct.

However, storing secrets in a git repo is still not as good as a purpose built store, because the access control on git is not fine grained enough.

Yes, that could be appropriate.

Access is per-repo, so if you have enough secrets and disparate interested parties, the number of required repos could make a dedicated alternative far more manageable.