The auth alone makes it so much simpler. We initially were going to setup a self-hosted vault and setup all the auth to integrate into our EC2s and on a whim I spent a few hours setting it all up with AWS Secrets Manager with implicit auth through an IAM role attached to the EC2s and it was dead simple and done. Best part is, I don't have to care how AWS Secrets Manager is hosted and my services don't care how to authenticate against it, it's all implicit through a simple api.