I have a feeling this forum is not the most appropriate place for this hyper-technical question. Probably a better place would be NVIDIA Developer Forum’s Confidential Computing section or r/ConfidentialComputing.
I’m tangentially-related as dev-ops for a global company using Azure Key Vault and Hashicorp Vault at scale for many teams, some of them using Azure GPU’s, so maybe look into them for key management, but that’s the extent of my knowledge in this domain.