gpg
Core functions to encrypt and decrypt messages with gpg.
- async idem_core_functions.exec.core.encryption.gpg.encrypt(hub, data: str, recipients: List[str] = [], sign: str = None, always_trust: bool = False, passphrase: str = None, armor: bool = True, output: str = None, symmetric: bool | str = False, extra_args: List[str] = None, public_key: str = None) -> Dict[str, Any]
Encrypt the message contained in the string ‘data’.
- Parameters:
data (str) – The data or message that needs to be encrypted.
recipients (list[str], Optional) – A list of key fingerprints for recipients.
sign (str, Optional) – Either the Boolean value True, or the fingerprint of a key which is used to sign the encrypted data.
always_trust (bool, Optional) – Skip key validation and assume that used keys are always fully trusted.
passphrase (str, Optional) – A passphrase to use when accessing the keyrings.
armor (bool, Optional) – Whether to use ASCII armor. If False, binary data is produced.
output (str, Optional) – The name of an output file to write to.
symmetric (Union[bool, str], Optional) – If specified, symmetric encryption is used. In this case, specify recipients as None. If True is specified, then the default cipher algorithm (CAST5) is used. Alternatively, specify the name of the cipher algorithm to use (for example, 'AES256').
extra_args (list[str], Optional) – A list of additional arguments to pass to the gpg executable. For example, pass extra_args=['-z', '0'] to disable compression.
public_key (str, Optional) – Public key of the recipient. This public key will be imported and trusted, if not already.
- Returns:
{"result": True|False, "comment": list, "ret": None|dict}
Examples
Calling this exec module function from the CLI:
idem exec core.encryption.gpg.encrypt data=test-data-for-encryption
Using in a state:
Idem-state-name:
  exec.run:
    - path: core.encryption.gpg.encrypt
    - kwargs:
        data: test-data-for-encryption
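An added example, not part of idem's own code: a hypothetical pre-flight helper, audit_encrypt_kwargs, that checks an encrypt kwargs dict against the parameter notes above (always_trust, the CAST5 default for symmetric=True, recipients as None for symmetric use, recipients given as full fingerprints) before the dict is passed to the function. The sample dicts and the fingerprint value are constructed.

```python
import re

# Full OpenPGP fingerprints: 40 hex chars (v4 keys) or 64 (newer key versions).
# Shorter values are key IDs, not fingerprints.
FINGERPRINT_RE = re.compile(r"^(?:[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})$")


def audit_encrypt_kwargs(kwargs):
    """Return a list of findings for a core.encryption.gpg.encrypt kwargs dict.

    Hypothetical helper: it only inspects the arguments and never calls gpg.
    """
    findings = []
    recipients = kwargs.get("recipients") or []
    symmetric = kwargs.get("symmetric", False)

    if kwargs.get("always_trust"):
        findings.append("always_trust=True skips key validation")
    if symmetric is True:
        findings.append("symmetric=True uses the default cipher (CAST5); "
                        "name one, e.g. symmetric='AES256'")
    if symmetric and recipients:
        findings.append("symmetric encryption expects recipients=None")
    for r in recipients:
        # gpg prints fingerprints in space-separated groups; accept that form.
        if not FINGERPRINT_RE.match(r.replace(" ", "")):
            findings.append(f"recipient {r!r} is not a full key fingerprint")
    return findings


# Constructed sample inputs (the fingerprint is a made-up value).
WEAK = {"data": "secret", "recipients": ["DEADBEEF"],
        "always_trust": True, "symmetric": True}
STRICT = {"data": "secret",
          "recipients": ["0123456789ABCDEF0123456789ABCDEF01234567"]}
SYMMETRIC = {"data": "secret", "recipients": None, "symmetric": "AES256"}

if __name__ == "__main__":
    for name, kw in (("WEAK", WEAK), ("STRICT", STRICT),
                     ("SYMMETRIC", SYMMETRIC)):
        print(name, audit_encrypt_kwargs(kw) or "ok")
```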
- async idem_core_functions.exec.core.encryption.gpg.decrypt(hub, message: str, always_trust: bool = False, passphrase: str = None, output: str = None, extra_args: List[str] = None, private_key: str = None) -> Dict[str, Any]
Decrypt the message.
- Parameters:
message (str) – The encrypted message.
always_trust (bool, Optional) – Skip key validation and assume that used keys are always fully trusted.
passphrase (str, Optional) – A passphrase to use when accessing the keyrings.
output (str, Optional) – The name of an output file to write to.
extra_args (list[str], Optional) – A list of additional arguments to pass to the gpg executable.
private_key (str, Optional) – The private key of the recipient for decryption. This private key will be imported and trusted, if not already.
- Returns:
{"result": True|False, "comment": list, "ret": None|dict}
Examples
Calling this exec module function from the CLI:
idem exec core.encryption.gpg.decrypt message="This is for decryption test" passphrase="test"
Using in a state:
Idem-state-name:
  exec.run:
    - path: core.encryption.gpg.decrypt
    - kwargs:
        message: This is for decryption test
        passphrase: test