Storj will have access to your keys, but only while they are being used to process active requests. At rest the key is encrypted with your access key id and we don’t store the access key id (only a hash of it). During request processing we get your access key id, lookup the right encrypted access grant, decrypt it with the access key id, and then use the access grant. Additional improvements to the in memory caching of the keys is also planned to further limit the exposure. Currently the keys will remain cached in memory after they are first used.