Which leads to the next question, is there any way I could send runtime variables & secrets to a cloud specific storage option such as AWS Secrets Manager and then use that instead so that I'm not having decrypted secrets lying around in cloudformation stacks?