The public cloud attracts enterprise customers with its convenient deployment of services and abundant choices of configuration. However, while public cloud service providers offer extensive security for their hosting services, some still debate their trustworthiness and consider the public cloud an “untrusted boundary.” Sensitive data is processed by the Cloud Service Provider (CSP), typically in a multi-tenant environment, which poses significant risks if a security breach were to occur. Therefore, enterprises may choose to store sensitive data and secrets in the private cloud, which is considered within the “trusted boundary.” Often these secrets are stored in a Hardware Security Module (HSM) or a software Key Management System (KMS) such as HashiCorp Vault.