AWS Secrets Manager abuse

TL;DR: Wildcarded GetSecretValue, cross-account replication, KMS key policy as the silent gate.

Stub — to be filled in.

What it is
TODO

Preconditions / where it applies
TODO

Technique
TODO

Detection and defence
TODO

References
TODO