I put on my robe and tinfoil hat...
Managing all my keys on such a service would mean trusting Amazon will not hand them over to NSA and friends (with or without NSL or sealed indictment). Which I'm rather sceptical about, tbh, considering Amazon makes quite a lot of business with governments of all sorts.
EDIT: to clarify, my comment was about keys that would otherwise not sit on, or be used by, AWS images. If you make the effort to use such a tool, it makes sense to store all your keys, not just stuff that would have ended up on AWS anyway; and that's where the risk lies.

This is actually a really cool feature - the CloudHSM offering is both (very) expensive and not user friendly. This should help with big clients requiring HSMs or the like.
So many cool services could be built with this if there's an open API.
Edit: Sadly, it seems there's no out of the box ELB support... Would be great for TLS termination.

Usually when I read "security" and "centralized" in the same sentence, I think of an unsustainable model that will be disrupted in a few years.