Hacker News
by pm90 1426 days ago
This would be pretty amazing if you could price it right.

I don’t think AWS will maintain its dominance organically forever. Cracks are already showing. There are too many expensive managed services; maybe fine if you have the budget, but for cash-starved startups? Maybe a dead simple cloud provider that goes 90% of the way is good enough.


Yeah, I just looked into setting up a private CA to avoid having to store the private key manually, and it’s like $400 per month. I’m just not going to pay that. Comes in cheaper to pay someone to take a USB stick to a bank safe and fetch me that anytime I need to sign a cert…

Having just gone through that for the company I work for, a cloud-based HSM that is compliant and attested for the key storage and an API around issuing/revoking/auditing certificates would cost a lot more.

So you're not paying for the private key storage, you could do that in AWS KMS for like $1/month. You're paying for the CA API.

But what if I don’t even need an HSM, but just somebody to store a CA certificate for me? Even if they just put it onto some storage and encrypt it with a KMS key, that’s more than enough for a vast amount of use cases. I don’t need government grade security. I just have some internal services that need to use a trusted certificate, and don’t want to maintain a server with storage myself, just for that.

I could build that service in a weekend(tm)!

So encrypt it with KMS and store it in S3.