Given the keys never leave the KMS hardware encryption module, are you at all concerned that all your data will be destroyed if you lose access to KMS for any reason? That's what has always given me pause when I consider KMS. Or do KMS users just take on faith that AWS will always be there?
Why do you like their auto-rotation? The keys that are rotated out are not never disabled, so I don't really understand the benefit. In what scenario would their auto-rotation improve security?
> Or do KMS users just take on faith that AWS will always be there?
I don't take on faith that they'll always be there, but I do believe that if for whatever (extremely highly unlikely) reason they did go away that they'd make it possible to get my keys, or give me enough notice so I could re-encrypt with other keys.
Face it, when running a business there is a ton of trust you have to put in 3rd parties (banks, insurers, your employees, the government, etc.) Yes, you should always evaluate the trustworthiness of 3rd parties, but AWS going away and deleting my keys is probably #6327 of things I worry about.
Why do you like their auto-rotation? The keys that are rotated out are not never disabled, so I don't really understand the benefit. In what scenario would their auto-rotation improve security?