I don't think "Keywhiz should be considered alpha at this point" really screams production ready, either. For me, the Sneaker README's detailed enumeration of which threat models had been thought over really helped inspire confidence, as did the acknowledgement that no professional cryptographers had evaluated its soundness (most people just ignore this idea and rampage onwards unencumbered by reality). I believe that both are probably better than storing plaintext keys and passwords at rest in Git or on developer machines.
bri3d|11 years ago