What it is: A managed service to store and retrieve secrets securely.

What it’s for:

• Store DB passwords, API keys, tokens.
• Rotate secrets automatically (optional).
• Control access with IAM and audit usage.

Key ideas:

• Secrets are encrypted (often using KMS).
• Supports secret rotation for supported databases.
• Good for applications that frequently need secrets at runtime.

Exam cues:

• “rotate database password automatically” → Secrets Manager.
• “store API keys securely” → Secrets Manager or Parameter Store (Secrets Manager is purpose-built).

Hard words:

• *secret* /ˈsiːkrət/: bí mật (mật khẩu/API key)
• *token* /ˈtoʊkən/: token (chuỗi xác thực)
• *retrieve* /rɪˈtriːv/: lấy ra
• *runtime* /ˈrʌnˌtaɪm/: lúc chương trình đang chạy