
Generating GPG Key Files

At some point, you may have to generate a pair of GPG keys for signing packages, such as Debian packages. You may want to create a public repository for your packages, or a mirror, either with various Debian tools or by automating the process with Aptly.

For this process to work, you need to have a private key stored on the server, and the clients will need a public key.

But how do you automate this process?

Prerequisite for Virtual Machines

On virtual Ubuntu systems, you can use RNG for quality random numbers. This will actually be required:

Automating GPG

For automating GPG, you can generate keys using the following method. Toggle the values for the keys to best match your needs. This should be adequate.

Installing Keys with Change Configuration

After you get these keys, you may want to convert them to ASCII so that you can use them in a change configuration system, such as Chef encrypted data bags, Ansible vaulted variables, Puppet Encrypted Hiera, etc.

For this process you can do the following:

Now you have the actual keys in a naked clear-text file, something rather dangerous!

You may need to convert these into a single line. You can do this using sed:

With these, you can now store these encrypted strings in your git repo, in the format used by your preferred change configuration platform, e.g. encrypted data bags, encrypted variable yaml files, or encrypted hiera files.
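
The steps above (unattended generation, ASCII export, single-line conversion) as one script. This is an added example, not the original post's code; the key name, e-mail address, key parameters and file names are assumptions, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example: name, e-mail and file names are placeholders (assumptions).
umask 077                      # files created below are owner-readable only
KEY_NAME="Example Repo Signing Key"
KEY_EMAIL="repo@example.invalid"

# Parameter file for unattended `gpg --batch --generate-key`.
# %no-protection leaves the private key without a passphrase so a server can
# sign unattended; the exported key must then only be stored encrypted.
write_keyparams() {            # $1 = output path
    cat > "$1" <<EOF
%echo Generating repository signing key
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Name-Real: $KEY_NAME
Name-Email: $KEY_EMAIL
Expire-Date: 2y
%no-protection
%commit
EOF
}

# Generate the key pair and export both halves as ASCII armor (needs gpg 2.1+).
generate_and_export() (        # $1 = output directory; body runs in a subshell
    params=$(mktemp) || exit 1
    trap 'rm -f "$params"' EXIT
    write_keyparams "$params" &&
    gpg --batch --generate-key "$params" &&
    gpg --batch --armor --export "$KEY_EMAIL" > "$1/public.asc" &&
    gpg --batch --armor --export-secret-keys "$KEY_EMAIL" > "$1/private.asc"
)

# Collapse a multi-line armored key into one line with literal "\n" separators.
flatten_key() {                # $1 = armored key file
    sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g' "$1"
}

# Reverse of flatten_key. gpg's default armor output contains no backslash,
# so only the inserted "\n" sequences are expanded.
unflatten_key() {              # $1 = flattened string
    printf '%b\n' "$1"
}

# Usage: sh gpg-keys.sh generate /secure/output/dir
if [ "${1:-}" = "generate" ]; then
    generate_and_export "${2:-.}"
fi
```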
