We're testing loading certs and encrypted keys into keyvals for our servers running as reverse proxies. Currently, we have to load the cert and key for each site even if the cert/key pair is a wildcard domain. We then either have to have one large keyval store or several on a per-domain basis which can be tricky to manage when you have several servers. We do sync the keyvals across the servers, but even that can have its drawbacks.