Platform engineering is the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations in the cloud-native era.

Platform Engineering

I would try to work with your compliance team to find an acceptable permissions strategy for the secrets. You can create IAM roles for your engineers to prevent access to the buckets, only allowing administrators access. Thus should be acceptable for SOC 2 and ISO 27001 purposes 

They dont want to hear about state in S3 at all