Encrypt secrets in a text file stored in S3, using a customer-managed key. Read and export file contents as environment variables. Automate monthly rotation with S3 Object Lambda.

Utilize AWS Systems Manager Parameter Store with the default KMS key for secret strings. Use EC2 user data scripts for startup retrieval and environment variable export. Set up a Lambda function for monthly secret rotation.

Encode secrets in base64 and store as environment variables in app properties. Reference and rotate secrets in the application code.

Use AWS Secrets Manager with a customer master key for encryption and automatic rotation. Retrieve secrets with EC2 user data scripts and export as environment variables.