Hacker News

How does this help? The key is still stored in memory which I assume the hypervisor has access to.


Correct, but hacking into the hypervisor is harder than hacking an administration interface. In the end the only secure server is one in a vault at the bottom of the ocean, but there are ways to prevent certain attack vectors.


>In the end the only secure server is one in a vault at the bottom of the ocean[...]

I strongly doubt that:

https://en.wikipedia.org/wiki/Glomar_Explorer


Hetzner provide a lot of physical machines too, I believe this is what the other poster was talking about.


Physical machines don't prevent keys from leaking out. A physical attacker can analyze power usage patterns to extract the encryption key. :)


I don't think you have that sidechannel with AES-NI. Besides, as a physical attacker, a cold boot attack would be much easier. Or if the server has any interfaces with DMA, like PCI or something, that's even easier.


Wouldn't that require physical access?


Ah, I missed the physical machines. No hypervisor to crack, just out of band management cards. :)



