GPG module and key lookup #238
Comments
Files identified in the description: If these files are inaccurate, please update the
@Akasurde Not sure about this though, what do you think of moving this to
@aminvakil Make sense.
I transferred the issue to the community.crypto repo. We already have a similar issue: #199. Which Python library to use is a big question. The fork of python-gnupg mentioned above has not seen any commit for almost 3 years now. The original (https://bitbucket.org/vinay.sajip/python-gnupg/downloads/) seems to be still actively developed.
From @ageis on May 09, 2019 11:17
SUMMARY
Ansible could use a GPG module, for managing keyrings, importing and exporting keys, verifying and making signatures, and decrypting and encrypting data (both symmetric and non). Working with GPG keys, outside of the context of apt, is an extremely common sysadmin task which we can make easier to automate. I think the addition of this module could be complemented by a "gpgkey" lookup which returns matching keys. I am on the fence about whether encryption, decryption, and sign+verify functions should be split into their own submodules.
I've seen no prior tickets or discussion of this, so I've taken on the task of developing it myself, and have already implemented a significant amount of the prospective functionality, and am creating this issue in order to track my progress. Please assign it to me. Hopefully this will be ready in time for 2.9.
This is a project which could prove thorny/hairy to maintain going forward. For elucidation on why that is, I'd love to quote @isislovecruft:
For now I've decided to rely on her version of python-gnupg which is now called pretty-bad-protocol (PyPi, GitHub); in my experience and the opinion of people I trust it's simply better, but that is a decision which the project/community will have to review when it's PR-time.
I found two modules out there, but IMO neither of them are presently suitable for inclusion in core for various reasons. I want to note the prior effort by @tnt and @brandonkal anyway:
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
My work-in-progress is located here: https://git.cointel.pro/FOSS/ansible-module-gpg
Copied from original issue: ansible/ansible#56262