Sign your own binaries with go-tool-base, part 4: mint and publish your public key
By the end of Part 3 your release pipeline can sign through a KMS key it never holds, over credentials that expire in minutes. The private half is locked away exactly where you want it. There’s a snag, though: a …
