Hey,<p>First of all, i like the idea of centralizing the security around GPG in tech teams, there almost no tools that help with that.
The first problem that comes to my mind is that we don't understand how you will provide the product, is that a hardware key ? A Desktop client ?
For exemple in my case, i've setup yubikey for our devops team, i personally think that it's the best way to have gpg key around.
- Do your service/product will work with it ?
- If you don't provide a hardware key, how can you provide enough security ?<p>A great example of tech explanations is krypt.co [0] [1] which provide really example for different roles.<p>[0] <a href="https://krypt.co/developers/" rel="nofollow">https://krypt.co/developers/</a>
[1] <a href="https://krypt.co/devops/" rel="nofollow">https://krypt.co/devops/</a>