Fly KMS

The filesystem supports chmod and chown, so the admin can delegate. The permissions are not persistent across machine restarts, so any delegation would have to be part of the machine startup (at privilege). Pick your uid and gid and file permissions as fits your app.

Having state maintained in the file descriptor means that we can clean it up as soon as the file descriptor is dropped. The actual process is fd = open("/.fly/kms/myencrkey/encr"); write(fd, plaintext); ciphertext = read(fd). So each client gets their own state and won't interfere with concurrent operations (so long as they don't share the same fd).

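The startup delegation and the per-fd encrypt cycle described in the post, as an added Python sketch that is not part of the original post or Fly's own code. Assumptions: the file is opened read-write, one read returns the whole ciphertext, and the names delegate, startup, kms_encrypt and max_out are hypothetical; only the path comes from the post.

```python
import os

# Path from the post; "myencrkey" is the post's example key name.
ENCR_PATH = "/.fly/kms/myencrkey/encr"


def delegate(path, uid, gid, mode=0o660):
    """Grant an unprivileged uid/gid access to a KMS file.

    Permissions do not persist across machine restarts, so this has to
    run on every boot while the process is still privileged.
    """
    os.chown(path, uid, gid)
    os.chmod(path, mode)


def startup(uid, gid, path=ENCR_PATH):
    """Delegate the key file, then give up privilege for the app itself."""
    delegate(path, uid, gid)
    os.setgroups([])   # drop supplementary groups before changing ids
    os.setgid(gid)
    os.setuid(uid)


def kms_encrypt(plaintext, path=ENCR_PATH, max_out=1 << 16):
    """One open/write/read cycle on a private file descriptor.

    The state lives in the fd, so each call opens its own and closes it
    in `finally`; concurrent callers never share state. O_CLOEXEC keeps
    the fd (and the state behind it) out of child processes.
    Assumption: O_RDWR is the right open mode and max_out is large
    enough for the ciphertext of one operation.
    """
    fd = os.open(path, os.O_RDWR | os.O_CLOEXEC)
    try:
        written = os.write(fd, plaintext)
        if written != len(plaintext):
            raise OSError("short write to KMS file; refusing to read back")
        return os.read(fd, max_out)
    finally:
        os.close(fd)   # dropping the fd lets the per-fd state be cleaned up
```

Threads or worker processes should each call kms_encrypt rather than pass one open descriptor around, which is the sharing case the post warns about.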