So it’s a best practice to use a key management tool.

But there are no cross-platform key management tools.

So you need to use at least 2 different key management tools.

And you need to somehow send your keys to the other key management tool using (probably) an insecure channel.

🥴