by mcpherrinm 3842 days ago
Well, our #1 use case is TLS certs, and basically every app supports reading them from a file.

For config files with secrets, there's often a way to include another file, or sometimes we just drop the whole config file into Keywhiz.

Here's an example from the Keywhiz codebase of a file that's loaded from disk, but in prod could be swapped for a properly secured secret: https://github.com/square/keywhiz/blob/master/server/src/mai...

In development, you don't need to run Keywhiz, so you can just write a file on disk, so that's a nice advantage: fewer things to depend on.