The project is nice, but I'm gonna have to stick with Vault as I like the flexibility of storage backends and not locked into AWS for enterprise-y apps that can't go to AWS.
This is also similiar to Sneaker (<a href="https://github.com/codahale/sneaker" rel="nofollow">https://github.com/codahale/sneaker</a>), which is written in Go. It doesn't copy to other regions by default, but it's not hard to handle that on your own. This also uses KMS, but stores encrypted secrets in S3.
I prefer credstash (<a href="https://github.com/fugue/credstash" rel="nofollow">https://github.com/fugue/credstash</a>) which uses KMS and stores encrypted values in dynamodb. It has built in ansible support via lookups too!
It looks like this is fairly similar to Mozilla sops[1].<p>[1]<a href="https://github.com/mozilla/sops" rel="nofollow">https://github.com/mozilla/sops</a>
I feel like this problem is already solved with iam ec2 instance roles<p><a href="http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html" rel="nofollow">http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles...</a>
Somewhat off-topic, but I read dcoker's username as docker at first and was fairly confused as to why docker was producing something like this just for AWS.