Comparing this to Vault (with which I have been very satisfied):

The article mentions a single master key for cluster encryption. Are there any plans to split this as in Shamir's Secret Sharing?

How do secrets and secret authorizations renew and expire?

Any plans for limited-use tokens/secrets?