The next step is to set the secrets in the vault. We need a gpg_pub_key, gpg_priv_key and passphrase. First, we will create the GPG keys.
$ gpg --full-generate-key
$ gpg --list-secret-keys --keyid-format LONG
> gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
/Users/samr/.gnupg/pubring.kbx
------------------------------
sec rsa2048/590EFBF7A1A373CC 2021-06-29 [SC]
$ gpg --output private.key --armor --export-secret-keys 590EFBF7A1A373CC
$ gpg --output public.key --armor --export 590EFBF7A1A373CC
Now we have two keys, private.key and public.key as well as a passphrase. Let’s save them as secrets in the vault.
1. secret/gpg_pub_key
   - Value is called pub_key
2. secret/gpg_priv_key
   - Value is called priv_key
3. secret/passphrase
   - Value is called pp
$ vault kv put secret/gpg_pub_key pub_key=@public.key
$ vault kv put secret/gpg_priv_key priv_key=@private.key
$ vault kv put secret/passphrase pp=<Passphrase>
Ensure that the values are properly created. The following commands should display the keys and passphrase:
$ vault kv get secret/gpg_pub_key
$ vault kv get secret/gpg_priv_key
$ vault kv get secret/passphrase
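
The export and store steps above, wrapped in pre-flight checks so that a swapped or world-readable key file is caught before anything is written to the vault. This is an added example, not part of the original article: the function names are hypothetical, and reading the passphrase from stdin with `pp=-` is a variation on the article's `pp=<Passphrase>`.

```shell
#!/bin/sh
# Added example: pre-flight checks before the `vault kv put` steps.
# Function names are hypothetical; file names and secret paths are the article's.

# Print "public", "private" or "unknown" from a key file's armor header.
armor_kind() {
    case "$(head -n 1 "$1" 2>/dev/null | tr -d '\r')" in
        "-----BEGIN PGP PUBLIC KEY BLOCK-----")  echo public ;;
        "-----BEGIN PGP PRIVATE KEY BLOCK-----") echo private ;;
        *) echo unknown ;;
    esac
}

# Read `gpg --list-secret-keys --keyid-format LONG` output on stdin and
# print the 16-hex-digit long key ID from each "sec" line.
long_key_ids() {
    sed -n 's|^sec[[:space:]]\{1,\}[^/]*/\([0-9A-Fa-f]\{16\}\).*|\1|p'
}

# Fail if the files are swapped or not armored, or if the private key
# file grants any access to group or others.
preflight() {
    pub=$1 priv=$2
    [ "$(armor_kind "$pub")" = public ] ||
        { echo "$pub: not an armored public key" >&2; return 1; }
    [ "$(armor_kind "$priv")" = private ] ||
        { echo "$priv: not an armored private key" >&2; return 1; }
    case "$(ls -ld "$priv")" in
        -???------*) ;;
        *) echo "$priv: group/other access set, run chmod 600" >&2; return 1 ;;
    esac
}

# Store the three secrets. Assumption: the passphrase is read without echo and
# piped in as "pp=-" (Vault reads the value from stdin), so it never appears
# in shell history or on the vault command line.
store_gpg_secrets() {
    preflight public.key private.key || return 1
    vault kv put secret/gpg_pub_key pub_key=@public.key || return 1
    vault kv put secret/gpg_priv_key priv_key=@private.key || return 1
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r pp; stty echo; echo >&2
    printf '%s' "$pp" | vault kv put secret/passphrase pp=-
    rc=$?; unset pp; return "$rc"
}
```

Run `store_gpg_secrets` from the directory that holds the exported `public.key` and `private.key`.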