Skip to content

morganekmefjord/mek-engineering

Repository files navigation

wkd — OpenPGP Web Key Directory for mek.engineering

Publishes the public OpenPGP key for morgan@mek.engineering via Web Key Directory (WKD), so anyone can run:

gpg --locate-external-keys morgan@mek.engineering

This repo contains public key material only. Never commit a private key here — .gitignore blocks *.asc, *secret*, *private*, etc.

Key: AF33 9889 F7ED D74D 33E0 EAA9 D186 9348 AE0F 3A39 WKD hash: kgph8h87ifttrpm6nor7hjhm97gi6s3f

Layout

advanced/   static tree for the advanced method (host: openpgpkey.mek.engineering)
direct/     static tree for the direct method   (host: mek.engineering)
nginx-wkd.conf   standalone nginx server blocks for static hosting
helm/wkd/   Helm chart: serves WKD from an unprivileged nginx pod on Kubernetes

Serving requirements

The key file must be served over HTTPS with:

  • Content-Type: application/octet-stream
  • Access-Control-Allow-Origin: *

Deploy on Kubernetes

helm install wkd ./helm/wkd

Adjust helm/wkd/values.yaml (hosts, ingress class, cert-manager issuer) to match your cluster, point DNS at the ingress, then verify with the gpg --locate-external-keys command above.

Rotating the key

Replace helm/wkd/files/key (and the direct//advanced/ hu/... files) with a fresh binary export and helm upgrade — the chart restarts pods on change.

gpg --no-armor --export-options export-minimal,no-export-attributes \
    --export AF339889F7EDD74D33E0EAA9D1869348AE0F3A39 > helm/wkd/files/key

Releases

No releases published

Packages

 
 
 

Contributors