-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: NexFlow Security Contact

mQINBGZKmPIBEAC7... (placeholder — replace with real OpenPGP key before launch)

Replace this file with the actual ASCII-armored PGP public key
for security@nex-flow.io. Generate via:
  gpg --full-generate-key
  gpg --armor --export security@nex-flow.io > .well-known/pgp-key.txt

Key should be RSA 4096-bit or Ed25519/Curve25519.
Expires: 2 years max. Revocation cert must be stored offline.
-----END PGP PUBLIC KEY BLOCK-----