lyft / confidant

Confidant: your secret keeper. https://lyft.github.io/confidant


Add support for scoping services to AWS accounts

ryan-lane opened this issue

Let's say for instance we have multiple AWS accounts: sandbox, primary, security. We'll put confidant into the security account, and we'll store its KMS keys there. In the KMS key policy we'll allow security, development and production to use the authnz key, so that they can call get_service. The issue is at this point we're fully trusting the IAM policy of all accounts to properly limit access to services, whether or not those services are in their own account.

To support multi-account we'll need to add some information to the service, which allows us to scope the service to an account. A scoping that can work is: service -> account -> kms key. We'll create a KMS key for each account, then we'll add settings to KMS keys for each account. Our default will be backwards compatible, which is to allow the service to be fetched by any account (which will be our AUTH_KEY setting).

For now we'll only consider these settings for service auth. User auth will continue using the USER_AUTH_KEY and won't be scoped by account.
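The service -> account -> KMS key scoping sketched above, modelled as an authorization decision. This is an added example, not confidant's own code: the `ACCOUNT_KEYS` setting, the `account` field on a service, the placeholder key ARNs and the idea that the token carries the KMS key id it was encrypted under are all assumptions made for illustration.

```python
"""Model of per-account service scoping as described in the issue.

Added example, not confidant's code. ACCOUNT_KEYS, Service.account and the
placeholder ARNs below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Backwards-compatible default: the shared authnz key that every account's
# IAM principals are allowed to use (the AUTH_KEY setting in the issue).
AUTH_KEY = "arn:aws:kms:us-east-1:000000000000:key/PLACEHOLDER-authnz-default"

# One KMS key per account; a scoped service is fetchable only with its
# account's key. Constructed placeholder ARNs, one per account in the issue.
ACCOUNT_KEYS: Dict[str, str] = {
    "sandbox": "arn:aws:kms:us-east-1:111111111111:key/PLACEHOLDER-sandbox",
    "primary": "arn:aws:kms:us-east-1:222222222222:key/PLACEHOLDER-primary",
    "security": "arn:aws:kms:us-east-1:333333333333:key/PLACEHOLDER-security",
}


@dataclass
class Service:
    name: str
    account: Optional[str] = None  # None = unscoped, fetchable by any account


def allowed_keys(service: Service) -> Set[str]:
    """KMS key ids a caller must have authenticated with to fetch `service`.

    Unscoped services keep the old behaviour (shared AUTH_KEY). Scoped
    services accept only their account's key, so a principal that can use
    AUTH_KEY in another account no longer gets them for free.
    """
    if service.account is None:
        return {AUTH_KEY}
    return {ACCOUNT_KEYS[service.account]}


def authorize_get_service(service: Service, token_key_id: str) -> bool:
    """Allow get_service only if the token was encrypted under an allowed key.

    token_key_id is the KeyId KMS reports when the auth token is decrypted,
    which reflects the key actually used rather than a caller-supplied claim.
    """
    return token_key_id in allowed_keys(service)


def unscoped_services(services: List[Service]) -> List[str]:
    """Audit helper: services still relying on the any-account default."""
    return [s.name for s in services if s.account is None]
```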