AWS Secrets Manager is a fully managed service provided by Amazon Web Services that helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
The AWS Secrets Manager plugin:
- Connects to your AWS account using IAM credentials (either permanent access keys or temporary session tokens from AWS STS).
- Discovers all secrets stored in Secrets Manager within a specified AWS region. Discovered secrets can be of any of the following types:
  - Database credentials: credentials for RDS, Aurora, Redshift, and DocumentDB, with optional automatic rotation.
  - API keys: API keys and tokens for external services.
  - Secrets: application secrets (configuration values, connection strings, and sensitive application data) and custom secrets (any sensitive information stored in JSON or plain text format).
- Does not retrieve secret values, i.e. it never reads either of the following fields:
  - SecretString
  - SecretBinary

  Note: The plugin only collects metadata about the secrets. This means the plugin does not require the GetSecretValue permission, and it follows security best practices by never exposing actual secret values during discovery operations.
- Exports comprehensive metadata, including rotation settings, version information, and tags.
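The discovery flow described above, as an added example in Python that is not the plugin's own code: it uses the boto3 call shapes (`list_secrets`, `describe_secret`) to page through a region's secrets and export metadata only, while the guarded `get_secret_value` stub shows that the discovery role never needs that permission. `FakeSecretsManager`, `METADATA_FIELDS` and `SAMPLE_SECRETS` are constructed for this example so it runs offline; the field names follow the AWS API.

```python
# Fields kept in the export. SecretString/SecretBinary are never requested,
# so only ListSecrets and DescribeSecret permissions are exercised.
METADATA_FIELDS = ("ARN", "Name", "Description", "KmsKeyId", "RotationEnabled",
                   "RotationLambdaARN", "RotationRules", "LastRotatedDate",
                   "LastChangedDate", "VersionIdsToStages")

def discover_secret_metadata(client):
    """Page through ListSecrets, then DescribeSecret each entry (metadata only)."""
    records, token = [], None
    while True:
        kwargs = {"MaxResults": 100}
        if token:
            kwargs["NextToken"] = token
        page = client.list_secrets(**kwargs)
        for entry in page["SecretList"]:
            desc = client.describe_secret(SecretId=entry["ARN"])
            record = {k: desc.get(k) for k in METADATA_FIELDS}
            # Tags arrive as [{"Key": ..., "Value": ...}]; flatten for export.
            record["Tags"] = {t["Key"]: t["Value"] for t in desc.get("Tags", [])}
            records.append(record)
        token = page.get("NextToken")
        if not token:
            return records

class FakeSecretsManager:
    """Constructed offline stand-in for a boto3 Secrets Manager client."""
    def __init__(self, secrets, page_size=1):
        self._secrets, self._page = secrets, page_size
    def list_secrets(self, MaxResults=100, NextToken=None):
        start = int(NextToken or 0)
        chunk = self._secrets[start:start + self._page]
        out = {"SecretList": [{"ARN": s["ARN"], "Name": s["Name"]} for s in chunk]}
        if start + self._page < len(self._secrets):
            out["NextToken"] = str(start + self._page)
        return out
    def describe_secret(self, SecretId):
        return next(s for s in self._secrets if s["ARN"] == SecretId)
    def get_secret_value(self, **_):  # discovery must never reach this call
        raise PermissionError("GetSecretValue is not granted to the discovery role")

SAMPLE_SECRETS = [  # constructed sample metadata; placeholder account id
    {"ARN": "arn:aws:secretsmanager:us-east-1:000000000000:secret:prod/db-AbCdEf",
     "Name": "prod/db", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "VersionIdsToStages": {"v1": ["AWSCURRENT"], "v0": ["AWSPREVIOUS"]},
     "Tags": [{"Key": "env", "Value": "prod"}]},
    {"ARN": "arn:aws:secretsmanager:us-east-1:000000000000:secret:api-key-GhIjKl",
     "Name": "api-key", "RotationEnabled": False, "Tags": []},
]
```

Against a real account, pass `boto3.client("secretsmanager", region_name=...)` in place of the fake; the exported records contain rotation settings, version stages and tags but never a secret value.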