A KMS similiar to the one in GCP, AWS, Azure and other cloud providers would be immensely useful.

In addition to being able to store secrets directly in the KMS, it would be possible to delegate to the KMS to automatically unseal Vault for generate secret management: https://www.vaultproject.io/docs/configuration/seal