Explain the precise role of a Key Management System (KMS) in the secure lifecycle management of OTP secret keys for a large-scale digital banking platform.

A Key Management System (KMS) serves as the foundational secure infrastructure for managing the entire lifecycle of One-Time Password (OTP) secret keys within a large-scale digital banking platform. An OTP secret key is a unique, randomly generated cryptographic key, typically symmetric, shared between the banking platform's authentication server and the user's authenticator device or application. This key is the basis for generating a unique, time-sensitive code for strong customer authentication, for instance, using algorithms like Time-based One-Time Password (TOTP) or HMAC-based One-Time Password (HOTP). The precise role of the KMS encompasses several critical functions throughout the key's lifecycle: First, the KMS orchestrates the secure generation of these OTP secret keys. Leveraging integrated Hardware Security Modules (HSMs), which are tamper-resistant physical computing devices, the KMS ensures keys are generated with high entropy random number generators within the secure confines of the HSM. This process prevents exposure of the key material even at creation. Second, the KMS securely handles the storage of these secret keys. The keys reside encrypted, typically within the HSMs themselves or in encrypted key databases managed by the KMS, accessible only through strictly defined interfaces and policies. This 'at rest' encryption protects the keys from unauthorized access even if underlying storage infrastructure ....