So are your secrets served from a central node that authenticates the certificates? What does your process look like for changing secrets when someone leaves the company?