Thinking about application secrets. You state to also cover "Conceal service credentials from the Cloud Controller". Assuming you mean to encrypt e.g. passwords that are stored in the env of an application, right? So I assume this will help applications already to securely store their secrets.
