Honestly… the initial use case is to hide certs from the file system and secrets from the environment. However, this can be extended.

The primary issue has been not being able to manage an encrypted storage system… the main goal is to have something that can be audited, not just secured.

yes 100% ... embeded