# gpg2_key_import

Imports a GPG2 key into a specific user's keyring on a Linux host.

- Checks whether the GPG key is already present and imports it only when it is not
- All tasks are idempotent
- The GnuPG keyring is created for a specific user (`gpg_user`), not for the account running Ansible
## Requirements

Before running the role, update `defaults/main.yml` (or override the variables in your playbook) with your GPG information. Generate the values on a machine that already holds the key:

- `gpg_pubkey` (public key, ASCII-armored):

  ```sh
  gpg -a --export username@email
  ```

- `gpg_signkey` (private signing key, ASCII-armored):

  ```sh
  gpg -a --export-secret-keys username@email
  ```

- `gpg_ownertrust` (ownertrust record, ultimate trust):

  ```sh
  gpg --export-ownertrust
  ```

`gpg --export-ownertrust` prints one `<fingerprint>:<level>:` line for every key in your trust database; keep only the line for the key you are importing. The exported secret key is sensitive: do not commit it to `defaults/main.yml` in plain text, but fetch it from a secret store at run time (the example playbook below uses the `hashi_vault` lookup).
## Role Variables

- `gpg_user`: name of the user that will own the keyring
- `gpg_group`: name of that user's group
- `gpg_email`: e-mail address (user ID) of the GPG key
- `gpg_home`: directory under which the GnuPG keyring is created
- `gpg_sign_passwd`: passphrase of the GPG private key
- `gpg_ownertrust`: ownertrust record for the imported signing key, in `gpg --export-ownertrust` format (`<fingerprint>:6:` marks the key as ultimately trusted)
- `gpg_signkey`: GPG private (secret) key, ASCII-armored
- `gpg_pubkey`: GPG public key, ASCII-armored
## Dependencies

None. The role is modular and self-contained.
## Example Playbook

```yaml
- hosts: reposerver
  become: yes
  vars:
    gpg_user: repo_user
    gpg_group: repo_group
    gpg_email: repo@mail.com
    gpg_home: /var/lib/repo
    # Jinja expressions must be quoted, otherwise YAML parses "{{" as a flow mapping
    gpg_sign_passwd: "{{ lookup('hashi_vault', ...) }}"
    gpg_signkey: "{{ lookup('hashi_vault', ...) }}"
    # <fingerprint>:6: = ultimate trust; quoted because the value ends in ":"
    gpg_ownertrust: "<fingerprint>:6:"
    # ASCII-armored public key (output of gpg -a --export)
    gpg_pubkey: |
      foo
  roles:
    - role: gpg2_key_import
```
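The import flow the role describes (check whether the key is present, import only when it is missing, keep the keyring owned by `gpg_user`) can be written as plain Ansible tasks. The task list below is an added illustration for this page, not the role's own `tasks/main.yml`. It uses the role's variable names, assumes GnuPG 2.1 or later with `gpg-agent` (which is why the secret-key import feeds the passphrase through loopback pinentry, allowed by default since GnuPG 2.1.12), and the temporary file path `{{ gpg_home }}/.gnupg/import-signkey.asc` and the package name `gnupg2` are assumptions.

```yaml
# Added example for this page, not the role's own tasks. Assumes GnuPG >= 2.1
# and the variables documented under "Role Variables".
- name: Ensure GnuPG is installed (package name is an assumption; adjust per distribution)
  ansible.builtin.package:
    name: gnupg2
    state: present

- name: Ensure the GnuPG home exists and is private to the key owner
  ansible.builtin.file:
    path: "{{ gpg_home }}/.gnupg"
    state: directory
    owner: "{{ gpg_user }}"
    group: "{{ gpg_group }}"
    mode: "0700"

# Idempotency check: gpg exits non-zero when no secret key matches the user ID,
# so every import task below is skipped on a host that already has the key.
- name: Check whether the secret key for gpg_email is already present
  ansible.builtin.command: gpg --batch --list-secret-keys "{{ gpg_email }}"
  become: true
  become_user: "{{ gpg_user }}"
  environment:
    GNUPGHOME: "{{ gpg_home }}/.gnupg"
  register: gpg_secret_present
  changed_when: false
  failed_when: false
  check_mode: false

- name: Import the public key
  ansible.builtin.command: gpg --batch --import
  args:
    stdin: "{{ gpg_pubkey }}"
  become: true
  become_user: "{{ gpg_user }}"
  environment:
    GNUPGHOME: "{{ gpg_home }}/.gnupg"
  when: gpg_secret_present.rc != 0

# The secret key goes through a 0600 temp file owned by gpg_user so that the
# passphrase can be fed on stdin; no_log keeps both out of the Ansible output.
- name: Write the secret key to a private temporary file (path is an assumption)
  ansible.builtin.copy:
    content: "{{ gpg_signkey }}"
    dest: "{{ gpg_home }}/.gnupg/import-signkey.asc"
    owner: "{{ gpg_user }}"
    group: "{{ gpg_group }}"
    mode: "0600"
  no_log: true
  when: gpg_secret_present.rc != 0

- name: Import the secret signing key non-interactively
  ansible.builtin.command: >
    gpg --batch --pinentry-mode loopback --passphrase-fd 0
    --import {{ gpg_home }}/.gnupg/import-signkey.asc
  args:
    stdin: "{{ gpg_sign_passwd }}"
  become: true
  become_user: "{{ gpg_user }}"
  environment:
    GNUPGHOME: "{{ gpg_home }}/.gnupg"
  no_log: true
  when: gpg_secret_present.rc != 0

- name: Remove the temporary secret key file
  ansible.builtin.file:
    path: "{{ gpg_home }}/.gnupg/import-signkey.asc"
    state: absent
  when: gpg_secret_present.rc != 0

# --import-ownertrust reads the record from stdin when no file is given.
- name: Set ownertrust for the imported key
  ansible.builtin.command: gpg --batch --import-ownertrust
  args:
    stdin: "{{ gpg_ownertrust }}"
  become: true
  become_user: "{{ gpg_user }}"
  environment:
    GNUPGHOME: "{{ gpg_home }}/.gnupg"
  when: gpg_secret_present.rc != 0
```

Two points worth keeping when adapting this: `no_log: true` on every task that touches `gpg_signkey` or `gpg_sign_passwd`, otherwise a verbose run prints the key material, and the `--passphrase-fd 0` form rather than `--passphrase <value>`, so the passphrase never appears in the process list on the target host.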
## License

MIT

## Author Information

Alexis Miles Oortmann (@MisterMiles) mister_dev@mailbox.org