I don't understand why people use config servers like this, instead of keeping it in version control. Keeping it in the repository allows me audit changes of everything. If you move it to an external service, you lose that. And even if the external service has an audit trail, now you have two sources of version control. My assumption why people would do this is because 1) they're told that's how it should be done 2) they have a slow deployment processes, where it takes too long to get the change merged & deployed. Anyway, I've very happily never used a config service, and I still remain unconvinced. :)
Do you check in passwords into your version control? How do you differentiate between different deployment settings?
sops is a great tool for version-controlled secrets - plaintext keys and encrypted values using remote KMS to do the encryption.
https://github.com/mozilla/sops