Deal with expired or near-expiration trusted keys
View options
We currently only allow provisioning to production if pushes are signed with "trusted keys". If a trusted key expires, the admin will not be able to push and will need to do manual intervention in the server to recover.
We need to:
- Provide instructions to update keys directly in the server when one is locked out.
- Try to update keys when near expiration.
- Notify when a key is near expiration.