Write it down before I forget about it again:

for x in $(gh api graphql --paginate -f query='query($endCursor:String) { organization(login:"myorg") {
    repositories(first: 100, after: $endCursor, isArchived:false) {
        pageInfo {
            hasNextPage
            endCursor
        }
        nodes {
            name
        }
    }
    }
    }' --jq '.data.organization.repositories.nodes[].name'); do

    secrets=$(gh secret list --json name --jq '.[].name' -R "myorg/${x}" | tr '\n' ',')
    if ! [ -z "${secrets}" ]; then
        echo "${x},${secrets}"
    fi
done

Requests a list of all not archived repositories in a GitHub org and queries repository secrets. If we find some we output the repo name and the secrets in a comma separated list. Not real CSV, but good enough for further processing. I've to admit it's kinda beautiful what you can do with the gh cli by now. Sadly it seems the secrets are not yet available via GraphQL (or I missed it in the docs), so I just use the gh cli to do the REST calls.