Forge Home

gnupg

Manage gnupg package and public keys

692,626 downloads

588,334 latest version

3.1 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 1.2.3 (latest)
  • 1.2.2
  • 1.2.1
  • 1.2.0
  • 1.1.1
  • 1.1.0
  • 1.0.0
  • 0.0.5
  • 0.0.4
  • 0.0.3
  • 0.0.2
released Jan 21st 2016
This version is compatible with:
  • Puppet Enterprise >=3.0.0 <4.0.0
  • Puppet >=3.0.0 <4.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'golja-gnupg', '1.2.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add golja-gnupg
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install golja-gnupg --version 1.2.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: gnupg, pgp

Documentation

golja/gnupg — version 1.2.3 Jan 21st 2016

#GnuPG puppet module

####Table of Contents

  1. Overview
  2. Installation
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module
  7. License

##Overview

Install GnuPG on Ubuntu/Debian/RedHat/CentOS/Amazon AMI and manage users public keys.

Tested with Tavis CI

NOTE: For puppet 2.7.x supported module please use version 0.X.X

Build Status Puppet Forge

##Installation

 $ puppet module install golja/gnupg

##Usage

####Install GnuPG package

include '::gnupg'

####Add public key 20BC0A86 from PGP server from hkp://pgp.mit.edu/ to user root

gnupg_key { 'hkp_server_20BC0A86':
  ensure     => present,
  key_id     => '20BC0A86',
  user       => 'root',
  key_server => 'hkp://pgp.mit.edu/',
  key_type   => public,
}

####Add public key D50582E6 from standard http URI to user foo

gnupg_key { 'jenkins_foo_key':
  ensure     => present,
  key_id     => 'D50582E6',
  user       => 'foo',
  key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',
  key_type   => public,
}

####Add public key D50582E6 from puppet fileserver to user foo

gnupg_key { 'jenkins_foo_key':
  ensure     => present,
  key_id     => 'D50582E6',
  user       => 'foo',
  key_source => 'puppet:///modules/gnupg/D50582E6.key',
  key_type   => public,
}

####Add public key D50582E6 from puppet fileserver to user bar via a string value

gnupg_key { 'jenkins_foo_key':
  ensure      => present,
  key_id      => 'D50582E6',
  user        => 'bar',
  key_content => '-----BEGIN BROKEN PUBLIC KEY BLOCK-----...',
  key_type    => public,
}

Note: You should use hiera lookup to get the key content

####Remove public key 20BC0A86 from user root

gnupg_key {'root_remove':
  ensure   => absent,
  key_id   => '20BC0A86',
  user     => 'root',
  key_type => public,
}

###Remove both private and public key 20BC0A66

gnupg_key {'root_remove':
  ensure   => absent,
  key_id   => '20BC0A66',
  user     => 'root',
  key_type => both,
}

##Reference

###Classes

####gnupg

#####package_ensure

Valid value present/absent. In most cases you should never uninstall this package, because most of the modern Linux distros rely on gnupg for package verification, etc Default: present

#####package_name

Name of the GnuPG package. Default value determined by $::osfamily/$::operatingsystem facts

####gnupg_key

#####ensure

REQUIRED - Valid value present/absent

#####user

REQUIRED - System username for who to store the public key. Also define the location of the pubring (default ${HOME}/.gnupg/)

#####key_id

REQUIRED - Key ID. Usually the traditional 8-character key ID. Also accepted the long more accurate (but less convenient) 16-character key ID. Accept only hexadecimal values.

#####key_source

REQUIRED if key_server or key_content is not defined and ensure is present. A source file containing PGP key. Values can be URIs pointing to remote files, or fully qualified paths to files available on the local system.

The available URI schemes are puppet, https, http and file. Puppet URIs will retrieve files from Puppet's built-in file server, and are usually formatted as:

puppet:///modules/name_of_module/filename

#####key_server

REQUIRED if key_source or key_content is not defined and ensure is present.

PGP key server from where to retrieve the public key. Valid URI schemes are http, https, ldap and hkp.

#####key_content

REQUIRED if key_server or key_source is not defined and ensure is present.

Provide the content of the key as a string. This is useful when the key is stored as a hiera property and the consumer doesn't want to have to write that content to a file before the gnupg_key resource executes.

#####key_type

OPTIONAL - key type. Valid values (public|private|both). Default: public

PGP key server from where to retrieve the public key. Valid URI schemes are http, https, ldap and hkp.

Tests

There are two types of tests distributed with the module. Unit tests with rspec-puppet and system tests using rspec-system or beaker.

For unit testing, make sure you have:

  • rake
  • bundler

Install the necessary gems:

bundle install --path=vendor

And then run the unit tests:

bundle exec rake spec

If you want to run the system tests, make sure you also have:

  • vagrant > 1.3.x
  • Virtualbox > 4.2.10

Then run the tests using:

bundle exec rake spec:system

To run the tests on different operating systems, see the sets available in .nodeset.yml and run the specific set with the following syntax:

RSPEC_SET=debian-607-x64 bundle exec rake spec:system

Alernatively you can run beaker tests using:

bundle exec rake beaker

##Limitations

This module has been tested on:

  • Debian 6/7
  • Ubuntu 12+
  • RedHat 5/6/7
  • CentOS 5/6/7
  • Amazon AMI

##Development

Please see CONTRIBUTING.md

License

See LICENSE file