As a pulp administrator, I want to write a signing service script, that is not hard coded to a particular key
Starting with pulpcore 3.13 (I think) signing services save the public key and its fingerprint in their model.
If they were to pass at least the fingerprint to the sub-process call of the signing service (either as a parameter or via ENV variable), it would no longer be necessary for signing service executables to be hard coded to a particular key (or otherwise guess what key they should use). This makes it much easier to document and share example signing service scripts, and is simply better design. ;-)
This is also how pulp_deb signing services in Pulp 2 times worked.