There are customer-managed keys services for all the above.
At the same time true zero trust you don’t put them in a repository or service that owns the whole stack
It’s weird how those keys need to be stored SOMEWHERE, especially for public-facing services that need to restart without intervention, and that the only place those keys then live is on some CLOUDACT-impaired service.
Zero trust is a fun goal we will never really achieve. Get off American pub-cloud providers.
There are customer-managed keys services for all the above. At the same time true zero trust you don’t put them in a repository or service that owns the whole stack
It’s weird how those keys need to be stored SOMEWHERE, especially for public-facing services that need to restart without intervention, and that the only place those keys then live is on some CLOUDACT-impaired service.
Zero trust is a fun goal we will never really achieve. Get off American pub-cloud providers.