For a large system to work, it requires many credentials such as database username/password, api secrets etc. As security best practice, these secrets should not be stored in version control systems or in physical machines and should be rotated from time to time.
Secret management service is a backend service to enforce this security best practice. It can use any underlying standard secret vault such as AWS Secrets Manager/Azure Key Vault as a secret storage and individual applications connect with this service to get their required credentials.
Backend: python fast api, AWS Secrets Manager, Azure Key Vault