I feel seen.

The compromise I’ve landed on is that I host my own DNS mx records, and point them to a paid enterprise mail provider.

This gets me the advantages of a paid provider while keeping my actual email address fully mine, to take wherever I want.

I did still have to learn a bunch of DNS rules in order to send all the correct “I’m not an evil spammer” headers and DNS records. But following a one page tutorial worked for me.

Edit: A disadvantage of my approach is that I’m still at the mercy of my email provider if I want to export my message history, and for the privacy of my message history.

Sometimes the obvious solution is the way to go.

Your idea sounds good to go ahead and publish your pubkey(s) to fully public URL you control and can memorize.

Then you can stash or memorize the curl command needed to grab it (them) and authorize something to it (them).

A lot of more complicated solutions are just fancy ways to safely move private keys around.

For my private keys, I prefer to generate a new one for each use case, and throw them out when I’m done with them. That way I don’t need a solution to move, share or store them.

Edit: Full disclosure - I do also use Ansible to deploy my public keys.

I was probably running some weird little Python web CGI dice roller or some such. I spent a lot of time teaching myself the HTTP stack the unnecessarily hard way, lol.

Yeah. Probably Apache. Can’t remember what that I was doing, but it almost certainly ran on Apache, and I almost certainly spent 90% of my energy configuring Apache.

Nice.

I’ve had acceptable outcomes on LibreComputer boxes running Armbian. I’ve had terrible luck with anything except the core Armbian image, but for a lot of stuff, Armbian on Libre gets the job done during the chip shortage.