AWS Secrets Manager with a strong least-privilege, regularly-reviewed IAM configuration has worked well for us

Building on this I’ve found https://github.com/segmentio/chamber to be super useful