https://bitwarden.com/products/secrets-manager/
For AWS definitely use SSO with short lived credentials and proper landing zone setup.