The complexity of the cntools suite of scripts is overwhelming. They attempt to automate everything to the point that stake pool operators blindly trust them without understanding them.
I just found out that the cntools suite encourages pool operators to keep their cold keys on their block producer machines. It provides a feature to encrypt and decrypt the cold key files.
See my thread comment: Encrypting pool files using cntools question - #8 by Terminada
I don’t think this “feature” is a good idea at all. But maybe I am wrong because maybe some pool operators will still have their cold keys on their block producer but leave them unencrypted instead. Not that encryption would make much difference since an attacker with access will easily keylog the password.
I wonder if people using hosted servers realise that the hosting provider has complete access to their machines and can copy any file they want?
Cold keys should never be on the block producer. Not even once. Providing a false sense of security encourages people to do this.