PLAYING IN THE VAULT
Keeping secrets to yourself is inherently difficult when putting them onto someone else's computer. So the cloud providers and their technology need to be instructed in detail on how to handle those secrets, and you yourself must take care in configuring these instructions. Also there must be automatic authentication of those requesting the secrets, and there needs to be some interaction with on-site and local solutions. This talk gives an overview - not too technical, but sufficiently to get you started in a secure direction.
The referent Marcus Holthaus has been doing security improvements of technical systems for decades as a consultant and as a security architect, he talks to management and to implementers and supports them in keeping the bad guys out and the secrets in.