When we have a dedicaed server, noone can access to RAM data except the OS (for example Debian what working on).
If someone want to get a RAM dump, without accessing to system, they need to freeze the RAM modules and read after poweroff (they will keep data during some time).
But what about KVM? If we speak about OpenStack KVM, host admin can make a snapshot of my running VM into a single file.
Can he read after raw RAM's data to get the keys/secrets? ECRYPTFS keys for encrypted folders, gnupg2 private keys used recently, certificates, loaded into nginx memory from ecryptfs folder?