yapgp

Manage PGP public keys

Version information

  • 0.1.3 (latest)
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Aug 29th 2023
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'tails-yapgp', '0.1.3'

Add this module to your Bolt project:

bolt module add tails-yapgp

Manually install this module globally with Puppet module tool:

puppet module install tails-yapgp --version 0.1.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Documentation

tails/yapgp — version 0.1.3 Aug 29th 2023

yapgp

Yet another PGP puppet module.

Table of Contents

  1. Description
  2. Setup - The basics of getting started with yapgp
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module

Description

This module is designed to manage PGP public keys. It can fetch keys, keep them up to date, set the trust level, and export them.

Setup

Beginning with yapgp

Just include yapgp and you're good to go (this will install ruby-gpgme).

Usage

Typical usage would look like:

include yapgp

pgp_key { 'Tails sysadmins':
  fp     => 'D113CB6D5131D34BA5F0FE9E70F4F03116525F43',
  ensure => present,
  user   => root,
  trust  => 4,
}

This will add the tails-sysadmins@boum.org PGP public key to root's keyring and set the owner trust level to 4.

In case the key is not retrievable from external sources (e.g., keyservers) or not importable from external sources (for instance, when a uid is missing), you may provide a source parameter:

pgp_key { 'deb.tails.boum.org signing key':
  ensure => present,
  source => 'https://gitlab.tails.boum.org/tails/tails/-/raw/stable/config/chroot_sources/tails.chroot.gpg?inline=false',
  fp     => 'D68F87149EBA77541573C1C12453AA9CE4123A9A',
}

Upon failing to import the key from external sources, yapgp will then attempt to fetch the keydata from the provided source (a URI or file location).

Functions

To export a key, you can use the export_pgp_key function. Please keep in mind that Puppet functions are run during catalog compilation, so regardless of the relationship you specify, the function will always run before any pgp_key types are executed. Hence, to prevent exporting keys that are not present in the keyring (yet), it is recommended to set a condition like this:

if export_pgp_key('D113CB6D5131D34BA5F0FE9E70F4F03116525F43') {
  file { '/root/tails-sysadmins.asc':
    content => export_pgp_key('D113CB6D5131D34BA5F0FE9E70F4F03116525F43','root'),
  }
}

Also keep in mind that by default, functions run on the Puppet server. If you want to export a key from the keyring on the agent, defer the function like this:

file { '/home/user/tails-sysadmins.asc':
  content => Deferred('export_pgp_key', [ 'D113CB6D5131D34BA5F0FE9E70F4F03116525F43', 'user' ]),
}

Facts

This module adds a custom fact called pgp_keys, containing a hash of all keys available in root's keychain, indexed by fingerprint.
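The Functions and Facts passages above can be combined: because a plain export_pgp_key condition is evaluated on the server, the pgp_keys fact is the agent-side way to guard a deferred export. The manifest below is an added example, not part of the module's README. It assumes the fact's keys are the same uppercase fingerprint strings used for fp, and it only covers root's keyring, since that is all the fact reports.

```puppet
# Added example, not from the yapgp README.
# Assumption: the pgp_keys fact is a hash keyed by the same uppercase
# fingerprint string that is passed to fp.
include yapgp

$fp = 'D113CB6D5131D34BA5F0FE9E70F4F03116525F43'

pgp_key { 'Tails sysadmins':
  ensure => present,
  fp     => $fp,
  user   => root,
  trust  => 4,
}

# Facts are collected on the agent before the catalog is compiled, so this
# reflects root's keyring on the agent, not the keyring on the server.
# Fall back to an empty hash when the fact is absent or not a hash.
$agent_keys = $facts['pgp_keys'] ? {
  Hash    => $facts['pgp_keys'],
  default => {},
}

# On the first run the fingerprint is not in the fact yet: pgp_key imports
# the key and the export is skipped. On the next run the fact lists the
# fingerprint and the file is written from the agent's keyring.
if $fp in $agent_keys {
  file { '/root/tails-sysadmins.asc':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => Deferred('export_pgp_key', [$fp, 'root']),
    require => Pgp_key['Tails sysadmins'],
  }
}
```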

Limitations

This module assumes dirmngr is properly configured.

Only Debian 10 and higher are currently supported.

There is no support for dealing with private keys, nor for any encryption or decryption of data.

Development

Merge requests are welcome ;-)