@dominykas@fosstodon.org
@karlpoe@infosec.exchange well, with KMS you don't have to worry, but you also have no idea what's actually under the hood and who has the keys, so that can be a bit of a problem.
@karlpoe@infosec.exchange
@dominykas@fosstodon.org yeah, or like in the case of the last GCP outage, you can be left locked out because KMS wasn't working either. So it kinda makes sense to add an AGE key (in addition to KMS) to your .sops.yaml and store it somewhere safe for break-glass scenarios.
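
An added example, not part of either post: a check over SOPS-encrypted JSON files that flags secrets whose data key is wrapped only by a remote key service, with no age or PGP recipient available for break-glass decryption. It assumes the SOPS JSON layout with a top-level `sops` object holding per-backend key lists and no key groups; the function names and sample documents are constructed for illustration.

```python
import json

# Key lists in SOPS metadata that need a remote key service to unwrap the data key.
REMOTE = ("kms", "gcp_kms", "azure_kv", "hc_vault")
# Key lists whose private half can be kept offline for break-glass use.
OFFLINE = ("age", "pgp")


def key_backends(text):
    """Count master keys per backend in one SOPS-encrypted JSON document."""
    meta = json.loads(text).get("sops")
    if not isinstance(meta, dict):
        raise ValueError("no 'sops' metadata block: not a SOPS-encrypted file")
    counts = {}
    for backend in REMOTE + OFFLINE:
        entries = meta.get(backend) or []  # SOPS writes null for unused backends
        if entries:
            counts[backend] = len(entries)
    return counts


def lockout_risk(files):
    """Return the names of files that no offline key can decrypt."""
    risky = []
    for name, text in sorted(files.items()):
        counts = key_backends(text)
        if not any(backend in counts for backend in OFFLINE):
            risky.append(name)
    return risky


# Constructed sample metadata; ciphertexts and key identifiers are placeholders.
_GCP = {
    "resource_id": "projects/EXAMPLE/locations/global/keyRings/EXAMPLE/cryptoKeys/EXAMPLE",
    "enc": "PLACEHOLDER",
}
_AGE = {"recipient": "age1EXAMPLEPLACEHOLDER", "enc": "PLACEHOLDER"}
SAMPLES = {
    "kms-only.json": json.dumps(
        {"token": "ENC[PLACEHOLDER]", "sops": {"gcp_kms": [_GCP], "age": None}}),
    "kms-plus-age.json": json.dumps(
        {"token": "ENC[PLACEHOLDER]", "sops": {"gcp_kms": [_GCP], "age": [_AGE]}}),
}

if __name__ == "__main__":
    for name in lockout_risk(SAMPLES):
        print(f"{name}: no offline recipient, unreadable during a KMS outage")
```

Files encrypted before the age recipient was added to `.sops.yaml` keep their old key list until they are re-keyed, which is why the check reads the encrypted files rather than the config.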