git-secret
Add options to 'tell' for locating keys
In https://github.com/sobolevn/git-secret/issues/491#issuecomment-505418594 @bricewge talks about changes he required to import keys from non-default locations:
... adding to git tell the ability to let the user choose how to import or locate keys would suffice, there will be no need to change the default behavior. I don't know all the gpg options related to key import but for me at least the options --auto-key-locate and --no-auto-key-locate are needed. To keep the options to a minimum and support different use cases, the implementation could be to pass to gpg the options after the option -- like it's done in many Unix tools. In my case I would do: git tell -m -- --auto-key-locate local,keyserver --keyserver "hkp://keys.gnupg.net".
Edit: See also #268 and #629
See also #433, which is about adding an option to 'init'
@bricewge, after giving this some thought I decided that it'd be most consistent if we supported this via an env var, analogously to SECRETS_GPG_COMMAND and SECRETS_PINENTRY.
Perhaps this var could be called SECRETS_TELL_GPG_OPTIONS and used like:
export SECRETS_TELL_GPG_OPTIONS='--auto-key-locate local,keyserver --keyserver "hkp://keys.gnupg.net"'
git secret tell -m
If anyone else has a good idea for what to name this var, or other input, please comment below. Particularly interested in feedback from @bricewge, @simbo1905 and @sobolevn
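The proposed value stores quote characters inside an environment variable, so how it is turned into gpg arguments matters. The sketch below is an added example, not git-secret code and not the implementation in #535; `split_naive` and `split_quoted` are hypothetical helpers, and the sample value is the one from the comment above.

```shell
#!/bin/sh
# Constructed sample: the value proposed in the thread for SECRETS_TELL_GPG_OPTIONS.
SAMPLE_OPTS='--auto-key-locate local,keyserver --keyserver "hkp://keys.gnupg.net"'
NL='
'

# Hypothetical helper: what an unquoted $VAR expansion yields. The shell only
# word-splits the value; quote characters stored inside it are not interpreted.
split_naive() {
  set -f                      # no globbing, so only word splitting happens
  set -- $1
  set +f
  [ $# -eq 0 ] || printf '%s\n' "$@"
}

# Hypothetical helper: split on blanks while honouring '...' and "..." without
# eval, so $(...) or ; in the value is never executed. Backslash escapes are
# not supported. Prints one argument per line; returns 1 on an unclosed quote.
split_quoted() {
  sq_rest=$1 sq_cur='' sq_q='' sq_have=0 sq_out='' sq_tab=$(printf '\t')
  while [ -n "$sq_rest" ]; do
    sq_c=${sq_rest%"${sq_rest#?}"}      # first character
    sq_rest=${sq_rest#?}                # remainder
    if [ -n "$sq_q" ]; then             # inside quotes: literal until the match
      if [ "$sq_c" = "$sq_q" ]; then sq_q=''; else sq_cur=$sq_cur$sq_c; fi
      continue
    fi
    case "$sq_c" in
      \"|\') sq_q=$sq_c; sq_have=1 ;;
      ' '|"$sq_tab")
        [ "$sq_have" -eq 0 ] || sq_out=$sq_out$sq_cur$NL
        sq_cur=''; sq_have=0 ;;
      *) sq_cur=$sq_cur$sq_c; sq_have=1 ;;
    esac
  done
  [ -z "$sq_q" ] || return 1            # unclosed quote: emit nothing
  [ "$sq_have" -eq 0 ] || sq_out=$sq_out$sq_cur$NL
  printf '%s' "$sq_out"
}

echo "word splitting only (quotes reach gpg literally):"
split_naive "$SAMPLE_OPTS"
echo "quote-aware split, no eval:"
split_quoted "$SAMPLE_OPTS"
```

With plain word splitting the keyserver argument keeps its literal double quotes; running the value through `eval` would strip them but would also execute any command substitution placed in the variable, which is why the second helper parses the quotes itself.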
LGTM.
Since the recent GPG keyserver debacle, if you need to use a keyserver in an example it would be a good idea to use hkps://keys.openpgp.org instead of hkp://keys.gnupg.net.
@bricewge, I worked up #535 to allow users to pass options to gpg when using git secret tell.
Can you please test it out and let us know if it works for your purposes?
Also if you had some more documentation suggestions they would be welcome.