Is api encryption key vault services really secure?
I am looking for a secure (and as easy as possible) way to store my encryption key.
I have been looking at some services that will hold the key for you and then you can retrieve it with an api. The idea is that they store it safely and on another environment, making it harder to get the key than for example from a .env file.
But, what I don’t understand is how is this more secure? I mean, the key is stored safetely on another environment, but to get the key I have to use certificates to authenticate myself, and these are stored in my environment.
So basically, would it not be as easy for a hacker to get hold of the certificate and use those to get the key, as it is to get the key directly?
For more information from one of the services (lockr.io), you can scroll down to client certificates: https://docs.lockr.io/#lockr-general-concepts
