AWS Key Management Service

I put on my robe and tinfoil hat...<p>Managing all my keys on such a service would mean trusting Amazon will not hand them over to NSA and friends (with our without NSL or sealed indictment). Which I&#x27;m rather sceptical about, tbh, considering Amazon makes quite a lot of business with governments of all sorts.<p>EDIT: to clarify, my comment was about keys that would otherwise not sit on, or be used by, AWS images. If you make the effort to use such a tool, it makes sense to store all your keys, not just stuff that would have ended up on AWS anyway; and that&#x27;s where the risk lies.

This is actually a really cool feature - the CloudHSM offering is both (very) expensive and not user friendly. This should help with big clients requiring HSMs or the like.<p>So many cool services could be built with this if there&#x27;s an open API.<p>Edit: Sadly, it seems there&#x27;s no out of the box ELB support... Would be great for TLS termination.

Usually when I read &quot;security&quot; and &quot;centralized&quot; in the same sentence, I think of an unsustainable model that will be disrupted in a few years.

Lots of new Amazon services today?

Could any one point me what&#x27;s wrong with nominal users and keys managed by system automation (AKA Puppet&#x2F;Chef&#x2F;SaltStack)?