I am trying to import a GPG key on a Gitlab CI system with an ubuntu:bionic Docker image. To do this securely, I have to store the key in a so called secret variable (which then simply becomes an environment variable at runtime).
So I tried to export the key in a non-binary format like this:
gpg2 --armor --export-secret-keys "my name <my email>" > my-gpg-key.asc my-gpg-key.asc looked like this then:
-----BEGIN PGP PRIVATE KEY BLOCK----- long multi line ascii string -----END PGP PRIVATE KEY BLOCK----- Then I copied the file contents and defined a secret variable from it. The variable is called LAUNCHPAD_GPG_PRIVATE_KEY
Here is what I tried:
apt-get -qq update --yes apt-get -qq install --yes gnupg2 > /dev/null export GPG_TTY=$(tty) # compensate for ioctl error gpg2 --list-keys gpg2 -v --import <(echo "$LAUNCHPAD_GPG_PRIVATE_KEY") gpg2 --list-keys This causes:
gpg: key 17B1EA9E090F697D/17B1EA9E090F697D: error sending to agent: No such file or directory gpg: error building skey array: No such file or directory I also tried to export and import the key with gpg instead of gpg2: Same result...
I also tried running
gpg-agent --daemon and
gpg-agent --daemon --allow-loopback-pinentry before the import... but still: Same error.
Any ideas how this can be done properly?
1 Answer
I managed import it without any errors by adding the batch flag.
gpg2 -v --batch --import <(echo "$LAUNCHPAD_GPG_PRIVATE_KEY") Don't ask me why this fixes it. It took me hours to figure this out...
1