1) They are in a key management service (not AWS). Highly unlikely somebody will get both access to the keys and the data together. They are also rotated periodically.
2) Well lately, I'm not. The Apple/FBI case was somewhat assuring. And I believe that to date, AWS has not handed over any data or keys without permission.
3) More theoretical advice about the new French region. What are the laws about privacy, and how will that work? We just saw what Germany ruled on with WhatsApp. And really just asking the question because it needs to be asked. I don't actually expect an ultimate answer, just discussion about it.
> 2) Well lately, I'm not. The Apple/FBI case was somewhat assuring. And I believe that to date, AWS has not handed over any data or keys without permission.
How would you know? The NSL would prevent Amazon from being able to say anything about it.
If you're that concerned about your security, you shouldn't be using a cloud provider.
The Apple FBI case only happened because Apple was physically unable to hand over the data, since they had no access to it. If you have the keys, you have access to the data presumably, and you'll be giving it up once you're compelled to by the government (see Lavabit).
1) Keeping keys to extremely sensitive financial data on a cloud server
2) Confident that the US government won't request this information through warrant or national security letter
3) Asking for advice about this on a message board?