Felix, my setup is probably too complicated. and, i don't really know what "aws secretsmanager" is, or how you interact with it. but, in case this helps...
i put ("long-term") secrets in pass ---- https://www.passwordstore.org/ ---- for "programmatic access" (in particular, for passwords needed by e-mail sending and retrieving programs), avoiding having to enter my password every ten minutes (or so), i wrote something called credeface/credepass ---- https://gitlab.com/minshall/credeface ---- which uses git's (!) credential cache for this service ---- https://git-scm.com/docs/git-credential ---- in your case, you might just use `credeface` to first store, then later retrieve, whatever secrets you get from "aws secretsmanager". occasionally (`--timeout`), you should be asked by `credeface` to refresh that value. ---- bash archlinux (master): {1315} credeface --username ipsilon --host example.com store this is that bash archlinux (master): {1316} credeface --username ipsilon --host example.com get cannot display secrets on the terminal bash archlinux (master): {1317} credeface --username ipsilon --host example.com get | cat this is that ---- cheers, Greg