I use multiple keys for encrypting the secrets. It's been going fine for about 5 years and at least two key rotation events.
I usually have a key for each device that requires access. Sometimes they overlap for all secrets, and sometimes they only have access to specific folders (think a work vs. personal separation).
It's a high friction environment for sure, but I'm happy with it.