I’m working on a fork of the vault-gpg-plugin, to try to make it behave as closely as possible to the Transit Secrets Engine.
I noticed that while Transit worries a lot about policies, lock management, and caching, the original vault-gpg-plugin does not. Instead, it seems to write directly to the underlying storage. Also, it does not handle different versions of keys with the same name.
Where do I find more documentation on best practices for writing a custom plugin? How should a plugin author handle the issues discussed above? Thanks for your time!