Generating GPG Key Files

Prerequisite for Virtual Machines

On virtual Ubuntu systems, you can use RNG for quality random numbers. This will actually be required:

sudo apt-get install -y rng-tools
sudo rngd -r /dev/urandom

Automating GPG

For automating GPG, you can create generate keys using the following method. Toggle the values for the keys to best match your needs. This should be adequate

cat << EOF > gpg_batch
%echo Generating a GPG key, might take a while
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: MyCompany Ops Department
Name-Comment: Repo Signing
Name-Email: ops@mycompany.com
Expire-Date: 0
%pubring igg_aptly.pub
%secring igg_aptly.sec
%commit
%echo done
EOF
gpg --batch --gen-key gpg_batch

Installing Keys with Change Configuration

After you get this keys, you may want to convert them to ASCII so that you can use them perhaps in a change configuration system, like Chef encrypted data bags, Ansible vaulted variables, Puppet Encrypted Hiera, etc.

gpg --no-default-keyring --armor \
--secret-keyring ./repo_key.sec \
--keyring ./repo_key.pub \
--export ops@mycompany.com > repo_key.pub.asc
gpg --no-default-keyring --armor \
--secret-keyring ./repo_key.sec \
--keyring ./repo_key.pub \
--export-secret-key ops@mycompany.com > repo_key.sec.asc
sed ':a;N;$!ba;s/\n/\\n/g' repo_key.pub.asc
sed ':a;N;$!ba;s/\n/\\n/g' repo_key.sec.asc

--

--

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, o11y, k8s, progressive deployment (ci/cd), cloud native infra, infra as code

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store