Intent-Code Divergence
Medium
- Confidence: 95%
- Finding: The function is named and documented as creating an 'in-memory' KMS, but it actually uses KeysFileStorage('kms.json'), which persists private keys to disk. This mismatch can cause developers and operators to handle the component with weaker safeguards than required, increasing the risk of accidental key exposure, backup leakage, or insecure filesystem permissions.
