[apawloski]

How are you managing your SSH keys to make <1HR rotation feasible?

[tptacek]

With an SSH CA.

[kasey_junk]

Is there one of those you’d recommend?

[skywhopper]

Check out Hashicorp Vault (https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-cert...) for a general product (has lots of the features of AWS Secrets Manager as well), or Netflix BLESS (https://github.com/Netflix/bless) for a very specific tool for just this.

[euroclydon]

I found these:

https://www.digitalocean.com/community/tutorials/how-to-crea...

https://medium.com/uber-security-privacy/introducing-the-ube...