Hacker News
by throwiforgtnlzy 806 days ago
"Key escrow" by encrypting secrets yourself with trusted tools and storing the result in various object stores. Problem solved.

Also solved by on-prem secrets and password managers without cloud features or dial-home.

Trusting a new third party with their new and likely unproven construction is a recipe that has failed spectacularly over and over again.

It's possible, but it's very, very difficult and, like email or DNS, becomes a kind of commoditized utility that rarely/never changes.