Another reason I suggest a blog is that you can have "sit downs" with people doing SOC1/SOC2 audits, PCI audits and the even more enjoyable FEDRAMP audits. Each blog could have a video showing the real audit and how your solution makes the account management pieces easier. This could be compelling not just to technical people but also to managers and directors that are obligated to pass these audits.
So for example, a person changes teams or leaves the company. You make a change in your app and can show that their public keys are no longer mapped to specific shared service management accounts and their user accounts are effectively disabled as it pertains to ssh key trusts.
ha, that's excellent. This is a really good point. We have already helped a lot of companies going through their SOC2 or ISO 27001, so that's an excellent suggestion. Not sure if companies would want to share their audits on video, though!
During the sensitive output you could flip the camera perspective to the unhappy look on their face before and the happy look on their face after you have simplified their lives. Or just use a staging environment for PCI/Fedramp as they hopefully don't just have a production environment unless they are wearing the t-shirt. I don't always make changes live but when I do, I do it in production.
So for example, a person changes teams or leaves the company. You make a change in your app and can show that their public keys are no longer mapped to specific shared service management accounts and their user accounts are effectively disabled as it pertains to ssh key trusts.