I currently have my private keys encrypted in Apache. This requires me to manually type in the the pass phrase everytime I (manually) start Apache.

I could put the pass phrase in a startup file but what is the point? It will be in there in clear text and could be found so there doesn't seem to be a point.

What do most people do in this case? I'd really like my machine to be able to reboot without manual intervention.

Security is important to me and I certainly don't want my certificates used elsewhere. I just wondered how other people solve this issue.