# #
All keys are regularly refreshed to check for modified expirations, or new subkeys, or new keys signed by old keys.
This refresh SHOULD happen via some anonymizing mechanism.
A registered key MUST be replaced by a new key in one of the following situations, and ONLY these situations:
sudo gem install leap_cli
leap new example --domain example.org
cd example
leap add-user --self
leap cert ca
leap cert dh
leap cert csr
leap node add blueberry services:openvpn \
ip_address:1.1.1.1 openvpn.gateway_address:1.1.1.2
leap node add raspberry services:couchdb,webapp \
ip_address:1.1.1.3
leap init node
leap deploy