Which AWS service is used to securely store and rotate application secrets and credentials?

Centralized secret management with automated rotation is what AWS Secrets Manager provides. It securely stores credentials, API keys, tokens, and other secrets and handles encryption at rest with a KMS key. It supports automatic rotation for many common secrets, including database passwords, API keys, and certificates, using built-in or custom rotation logic via AWS Lambda. Applications retrieve secret values on demand through secure API calls, avoiding hard-coded credentials, with fine-grained access control through IAM policies. Secrets Manager also versions secrets and integrates with CloudTrail for auditing. The other services listed focus on analytics, content delivery, or data storage, not secret management, so they don’t fit the requirement. Therefore, AWS Secrets Manager is the correct choice.