I tend to create a private certificate authority for every side project, in order to create TLS certs for local development. I find it useful to have local development closely resemble production when at all possible, and "real" certificates are an important element.<p>Anyway I got tired of having these CA private keys on my local machine, especially as I started thinking about setting up a private CA for my company (<a href="https://riza.io" rel="nofollow">https://riza.io</a>). So I started thinking about what the simplest way to host a private CA might be.<p>You really only need two things: 1) secret storage, to hold the CA's private key, and 2) a computer with access to the secret that can run openssl.<p>It turns out that a GitHub repository has secret storage, and GitHub Actions provides a computer with access to that secret storage which can run openssl.<p>So I made a GitHub repo with a stupid-simple workflow and a couple of convenience shell scripts to use as a private CA. I've already used it as a template repo to host private CA's for my projects, and thought it might be useful to others.