by ozfive 1069 days ago
Private Key is held in an environment variable called 'OPEN_KEY'. Wouldn't they be better served retrieving the key from Vault or KMS for revocation purposes?
1 comments

In practice, we do store things in Vault, but we expose that to VMs (where this runs in our architecture) via environment variables injected into the entrypoint process by our init through our orchestrator. You could write direct Vault integration, or do what most people probably do and just use Vault to set an environment variable.
Hey, thanks for clarifying that for me!