Forge Home


Manage your RPM keyring through puppet


250,591 latest version

4.6 quality score

Version information

  • 1.0.3 (latest)
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Feb 3rd 2015
This version is compatible with:
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'stschulte-rpmkey', '1.0.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add stschulte-rpmkey
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install stschulte-rpmkey --version 1.0.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Tags: gpg, rpm


stschulte/rpmkey — version 1.0.3 Feb 3rd 2015

Puppet RPMKEY Module

Build Status Coverage Status Puppet Forge

This repository aims to ease the GPG keymanagement with rpm


A package maintainer can sign his RPM packages with a secret gpg key. This allows a third party (e.g. you) to verify the package with the corresponding public key. The rpm utility has its own keyring and commands to import and remove public gpg keys.

A key can be imported with rpm --import and will then present itself as an installed package of the form gpgkey-#{keyid}-#{signature_date}. In the same way the key can be removed from the keyring by removing the corresponding package with rpm --erase

The puppet way

The new puppet rpmkey type treats a single key as a puppet resource so you can e.g. specify

rpmkey { '0608B895':
  ensure => present,
  source => '',

The above resource will import the key if it is not already present. If you want to make sure that a key is absent (remove it when it is present) specify the following instead:

rpmkey { '0608B895':
  ensure => absent,

The name of the rpmkey resource has to be the keyID of the gpg key. If you have the public key available as a file but you are unsure of the correct keyID, use gpg to extract the keyID. For example, to find the keyID used by EPEL 7:

$ gpg ./RPM-GPG-KEY-EPEL-7
pub  4096R/352C64E5 2013-12-16 Fedora EPEL (7) <>

The string after the / is what rpmkey expects (352C64E5).

Running the tests

The easiest way to run the tests is via bundler

bundle install
bundle exec rake spec SPEC_OPTS='--format documentation'


Thanks to the following contributers, who made this module more usable:

  • Gene Liverman
  • Michael Moll
  • duritong