AWS Certified Developer Associate DVA-C02 Practice Question

The best practice for managing secrets is to use a dedicated secret management service which allows for secure storage, fine-grained access control, audit capability, and ease of rotating secrets without embedding them directly in the application's code or environment. AWS Systems Manager Parameter Store provides these features, allowing you to store data as encrypted parameters and giving you the ability to strictly manage access. Direct embedding of credentials in the code is insecure and makes management and rotation difficult. Using an object storage service can partially solve the problem but lacks the secret management functionalities. Custom attributes in a user management service deviate from the service’s intended use and do not deliver the rigorous management or auditing capabilities required for handling secrets securely.