> On 29 Jan 2026, at 18:15, Bear Giles <[email protected]> wrote:
> Most importantly - giving them a way to avoid knowing their private keys.
> They can't expose what they don't have.

FWIW there has been discussion among those of us who regularly dip our toes in
the OpenSSL support code to add some form of integration with vaults (like vault
from Hashicorp, ipa/idm from Redhat, Keychain from Apple etc) for storing
secrets. AFAIK there are no concrete patches to look at (yet?), but there is
interest and it will most likely be discussed at PGConf.dev in case you are
thinking of attending.

--
Daniel Gustafsson
