Changing passwords is easy — console input, save, done. But when the application using that password runs 24/7, it's completely different. At that password change moment, dozens of app servers holding cached old password simultaneously emit auth failures. "Password rotation" seems simple but is actually one of distributed systems' thorniest concurrency problems.
Secrets Manager's value isn't just "secure secret storage vault" — Parameter Store SecureString does that too. Secrets Manager costs $0.40/month, much more than Parameter Store, because of automating secret rotation in live systems without downtime