Creating KMS keys
A key building block of any secrets management solution is the ability to encrypt your credentials using encryption keys, which ensures the privacy and confidentiality of your credentials. The AWS Key Management Service (KMS) is a managed service that allows you to create and control encryption keys, and provides a simple, low-cost solution that takes away many of the operational challenges of managing your encryption keys. Key features of KMS include centralized key management, compliance with a number of industry standards, built-in auditing and integration with other AWS services.
When building a secrets management solution that uses AWS Secrets Manager, you should create, at a minimum, at least one KMS key in your local AWS account and region that is used to encrypt your secrets. AWS does provide a default KMS key that you can use with AWS Secrets Manager, so this is not a strict requirement, however, in general, you should be comfortable with creating your own KMS keys...
