At the org I work with, we've published a PGP key a bunch of years ago for our support email that creates tickets in our RT instance. RT is nice and does support GPG encrypted emails.

As it happens, we've been dropping the ball some times with regards to keeping that key up to date (e.g. refreshing expiry time). It happened a couple of times that the key expired and we didn't notice until someone told us about it.

That's not good enough! We published that key and it is still valid so we should make sure that ppl can trust it by refreshing expiry time when appropriate.

Here comes Nagios to the recuse

I've cooked up a small Nagios plugin for checking a key's expiry date:

https://github.com/lelutin/nagios-plugins/blob/master/check_gpg

It comes off as CRITICAL when the key is already expired and can optionally come off as WARNING when the key will expire within a certain number of days. It also comes off as CRITICAL if the key was revoked (since that makes the whole expiry date useless to check).

Now we'll get a sweet notification from nagios 1 month in advance and will be able to keep that key up to date, and our users' confidence into that key intact.