[toomuchtodo]

You'd probably still want to use Sneaker until you were massive, even if you moved out of AWS. S3 provided tremendous value compared to its costs (3 cents/month/GB for storage, requests are cheap as well) compared to EC2.

[kingryan]

Though the sneaker page makes it very clear that its not ready for production use.

[bri3d]

I don't think "Keywhiz should be considered alpha at this point" really screams production ready, either. For me, the Sneaker README's detailed enumeration of which threat models had been thought over really helped inspire confidence, as did the acknowledgement that no professional cryptographers had evaluated its soundness (most people just ignore this idea and rampage onwards unencumbered by reality). I believe that both are probably better than storing plaintext keys and passwords at rest in Git or on developer machines.