A company operates a web-based loan processing application. The application ' s UI was implemented in JavaScript. The frontend transmits application data securely by using HTTPS to Amazon API Gateway, which initiates an AWS Lambda function in private subnets. The Lambda function interacts with third-party credit check APIs that require persistent API keys. The company enforces strict policies to ensure that personally identifiable information (PII) and sensitive credentials are never exposed in client code, request paths, headers, or logs. The company needs a solution to manage the API keys that the Lambda function needs to use. Which solution will meet this requirement in the MOST secure way?