For AWS, as with many cloud offerings, read the pricing small print: AWS Secret Manager also charges per API request [1]. It isn't expensive, but you should keep it in mind when you architect your infrastructure. (We actually switched from fetching secrets at runtime to injecting them into containers are deploy time, and this was one reason).
This bit us too. We use goodaddy's external secrets [1] to fetch secrets from AWS secrets manager and make them available to the cluster. It polls the secret every n seconds, but with many services consuming secrets, it can scale up pretty quickly and start to build up cost.
https://aws.amazon.com/secrets-manager/pricing/