Forward GPG agent socket into a container
This branch is 6 commits ahead of abrugh:master.
Dockerfile
LICENSE.md
Makefile
README.md
docker-entrypoint.sh
pinata-gpg-build.sh
pinata-gpg-forward.sh
pinata-gpg-pull.sh
sshd_config

Forward GNUPG agent socket into a container

Based on https://github.com/uber-common/docker-ssh-agent-forward

Still experimental -- contact kouk@transifex.com if you want help.

Installation

Assuming you have a /usr/local:

$ git clone https://github.com/transifex/gpg-agent-forward
$ cd gpg-agent-forward
$ make
$ make install

On every boot, do:

pinata-gpg-forward

and then you can add -v /gpg-agent:/path/to/.gnupg/ to your docker CLI command to mount the GNUPG home directory into your container:

$ docker run -it -v /gnupg:/root/.gnupg transifex/gpg-agent-forward gpg -a -s
foo
-----BEGIN PGP MESSAGE-----
...

To fetch the latest image, do:

pinata-gpg-pull

Running as non-root

If you want to use the GNUPG home dir in a container as a non-root user you need to first fix permissions (assuming 1000 is your user id):

docker exec pinata-gpg-agent chown -R 1000:1000 /gpg-agent
docker exec pinata-gpg-agent chmod -R 700 /gpg-agent
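
To confirm the ownership and mode changes above took effect, the following check can be run inside the container as the non-root user. It is an added example, not part of gpg-agent-forward; the function names are hypothetical and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not part of gpg-agent-forward): audit a mounted GNUPG home.
# Assumes GNU or BusyBox stat (-c); run it inside the container.
# Usage: check_gnupg_home /root/.gnupg 1000

# Print every entry under DIR that is not owned by WANT_UID or that grants
# any group/other permission bits. Prints nothing when the tree is clean.
gnupg_home_findings() {
    dir=$1
    want_uid=$2
    find "$dir" -exec stat -c '%a %u %n' {} + |
    while read -r mode uid name; do
        case $mode in
            *00|0) ;;   # octal mode ends in 00: no group/other bits set
            *) echo "mode $mode too open: $name" ;;
        esac
        [ "$uid" = "$want_uid" ] || echo "owner $uid, expected $want_uid: $name"
    done
}

# Return 0 when DIR is safe to use as a GNUPG home for WANT_UID
# (default: the current user), 1 otherwise. Findings go to stderr.
check_gnupg_home() {
    dir=$1
    want_uid=${2:-$(id -u)}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 1
    fi
    findings=$(gnupg_home_findings "$dir" "$want_uid")
    if [ -n "$findings" ]; then
        echo "$findings" >&2
        return 1
    fi
    return 0
}
```

A non-zero return lists each offending path, which makes it usable as a guard in an entrypoint script before gpg is invoked.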

Developing

To build an image yourself rather than fetching from Docker Hub, run ./pinata-gpg-build.sh from your clone of this repo.

We didn't bother installing the build script with the Makefile since using the hub image should be the common case.

Contributors

License is ISC.