[tptacek]

I think this can be sane when you don't have multiple privilege levels anywhere in the data center you're deploying in. It's less sane if you have less- and more- privileged machines anywhere in the environment, or less- and more- privileged applications.

You're putting a lot of faith in a very complex and not- well- tested codebase if you rely on Consul ACLs to protect secrets.

[eropple]

The poor state of its testing is the biggest red flag I have towards Consul. I'm much more positive about it in its way than I am about other Hashicorp tools like Packer and Terraform, if only because it seems like Consul is core enough to the way they want to make money that it's more important to them. But there doesn't seem to be a culture of correctness and strong testing around those tools; trusting my sensitive data to a tool that's as complex and complicated as Consul is worries me. (I feel like it should be normal to have something maintaining my cryptographic secrets to be at least as well-tested as my web framework...)

Of the tools listed in the OP, I feel really good about Square Keywhiz; I'm still rolling it out in my first environment, so I can't say for sure, but I appreciate the level of effort that's gone into only doing secret storage and making sure it is exhaustively tested to spec.