Does anyone think it would be a good idea to store the private key
encrypted? This would require a separate secret, presumably stored in a
configuration file, or using the PicketLink Vault Tool, to decrypt the
private key for use. Anyone who can get the private key can start issuing
access tokens to whatever resources they want.