Home › AWS Security › cloudcomputing › scsdatagov › Which AWS service centrally stores application s…
Which AWS service centrally stores application secrets (DB passwords, API keys, OAuth tokens) with automatic rotation and IAM-controlled access?
AHardcoded env vars in container images
BAWS Snowball
CAmazon S3 with public read
DAWS Secrets Manager
Answer & Solution
Correct answer: D. AWS Secrets Manager
Secrets Manager is AWS's secret store with rotation (per SCS-C02 §5.4). The other options leak secrets.
Related questions
Which AWS service helps a security engineer collect evidence for compliance audits — assesWhich AWS service provides a turnkey multi-account landing-zone with guardrails, account fWhich AWS Organization feature lets a security engineer enforce 'deny all use of root userWhich AWS service centrally manages multiple AWS accounts with consolidated billing, SCPs,Which AWS service automatically discovers and classifies sensitive data (PII, financial daWhich AWS feature lets a security engineer enforce 'no S3 bucket can be made public' acrosWhich Amazon S3 feature enforces WORM (write-once-read-many) data retention to protect logWhich AWS service lightweight-stores parameters + SecureString secrets, integrated with KM