Explanation

AWS Secrets Manager is the correct choice because:

• Purpose-built for credentials: Secrets Manager is specifically designed to store and manage sensitive information like database credentials, API keys, and other secrets
• Automatic rotation: It can automatically rotate secrets according to a schedule, reducing operational overhead
• Secure storage: Secrets are encrypted at rest using AWS KMS
• Easy integration: Applications can retrieve secrets through API calls without storing credentials in code
• Minimal operational overhead: Unlike managing credentials manually or using KMS directly, Secrets Manager handles the complexity of secret management

Why other options are incorrect:

• AWS KMS: Primarily for encryption key management, not credential storage
• AWS Config: For resource configuration tracking and compliance, not credential management
• Amazon GuardDuty: For threat detection and security monitoring, not credential storage

Secrets Manager provides the most streamlined approach for securely storing and managing database credentials with minimal operational effort.