Azure Key Vault GPG Key Management
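# Export and upload GPG keys to Azure Key Vault
#
# Exports the ASCII-armored secret and public key for $UserId to temporary
# files, uploads each as a Key Vault secret whose expiry matches the GPG key's
# expiry, and removes the files afterwards.
#
# Caveats a reviewer would want on record:
#  - The secret key is exported as it sits in the local keyring: a
#    passphrase-protected key stays passphrase-protected inside the armored
#    blob (gpg will prompt for the passphrase on export). The passphrase is
#    NOT uploaded here and must be managed separately.
#  - Key material sits on local disk in plain ASCII armor between export and
#    upload. Remove-Item unlinks the file but does not overwrite its blocks.
#  - Anyone granted "get" on the vault's secrets can read the private key;
#    scope that permission accordingly.
$UserId = ""          # GPG user id (email address)
$SecretKeyName = "github-gpg-secret-key"
$PublicKeyName = "github-gpg-public-key"
$KeyVaultName = ""    # Key Vault name
$SecretKeyFile = ".\sk.asc"
$PublicKeyFile = ".\pk.asc"

if (-not $UserId -or -not $KeyVaultName) {
    throw "Set `$UserId and `$KeyVaultName before running."
}

# Reads the YYYY-MM-DD date out of '[expires: YYYY-MM-DD]' on the first line
# of 'gpg -K' output. Fails loudly when the key has no expiry instead of
# slicing a meaningless substring (IndexOf returns -1 in that case).
function Get-GpgKeyExpiry([string]$KeyInfoLine) {
    $marker = "[expires: "
    $pos = $KeyInfoLine.IndexOf($marker)
    if ($pos -lt 0) {
        throw "Key for '$UserId' has no expiry date; refusing to upload a secret without one."
    }
    return $KeyInfoLine.Substring($pos + $marker.Length, 10)
}

# Exports one armored key to $File, uploads it as Key Vault secret $Name with
# expiry $Expires, and always deletes the local file, even if the upload fails.
# Prints the new secret version's id on success.
function Send-GpgKeyToVault([string]$Name, [string]$File, [string[]]$ExportArgs, [string]$Expires) {
    try {
        # ASCII armor is 7-bit. Force ASCII so Windows PowerShell 5.1 (whose
        # Out-File default is UTF-16) and PowerShell 7 both write a file that
        # actually matches the '--encoding utf-8' passed to az below.
        gpg --armor @ExportArgs $UserId | Out-File -Encoding ascii -FilePath $File
        if ($LASTEXITCODE -ne 0) {
            throw "gpg export failed for '$UserId' (exit $LASTEXITCODE)"
        }
        az keyvault secret set --vault-name $KeyVaultName --name "$Name" --encoding utf-8 --expires "$Expires" --file $File --query "id" -o tsv
        if ($LASTEXITCODE -ne 0) {
            throw "az keyvault secret set failed for '$Name' (exit $LASTEXITCODE)"
        }
    }
    finally {
        if (Test-Path $File) { Remove-Item $File }
    }
}

# Both secrets expire with the key; read the expiry once from the secret-key listing.
$KeyInfo = $(gpg -K --with-fingerprint $UserId)[0]
$KeyExpiry = Get-GpgKeyExpiry $KeyInfo

# Send Private Key
Send-GpgKeyToVault -Name $SecretKeyName -File $SecretKeyFile -ExportArgs @("--export-secret-keys", "--with-fingerprint") -Expires $KeyExpiry

# Send Public Key
Send-GpgKeyToVault -Name $PublicKeyName -File $PublicKeyFile -ExportArgs @("--export", "--with-fingerprint") -Expires $KeyExpiry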
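#!/usr/bin/env bash
# Import GPG keys from Azure Key Vault and configure git commit signing.
#
# Secret values are streamed from `az` straight into `gpg --import`; nothing
# is written to disk. Requires an `az login` session with "get" permission on
# the vault's secrets.
set -euo pipefail

KV_NAME=""                               # Key Vault name
SECRET_KEY_NAME="github-gpg-secret-key"
PUBLIC_KEY_NAME="github-gpg-public-key"
USER_ID=""                               # GPG user id (email address)

: "${KV_NAME:?set KV_NAME to the Key Vault name}"
: "${USER_ID:?set USER_ID to the GPG email address}"

# gpg needs a terminal to prompt for the passphrase of a protected key on
# import. Set it before either import; a non-tty session must not abort here.
GPG_TTY=$(tty) || true
export GPG_TTY

# Import Public Key
# With pipefail, an az failure (expired login, missing permission, wrong name)
# now fails the script instead of feeding gpg an empty stream.
az keyvault secret show --vault-name "$KV_NAME" --name "$PUBLIC_KEY_NAME" --query "value" -o tsv | gpg --import

# Import Private Key
az keyvault secret show --vault-name "$KV_NAME" --name "$SECRET_KEY_NAME" --query "value" -o tsv | gpg --import

# Configure git to use GPG key
# Use the primary secret key's full fingerprint: in --with-colons output the
# first 'fpr' record (field 10) is the primary key. Reading the signer id of a
# 'sig' record instead can pick up someone else's certification, and short or
# long key ids are weaker identifiers than a fingerprint.
SIGNING_KEY=$(gpg --list-secret-keys --with-colons "$USER_ID" | awk -F: '$1 == "fpr" { print $10; exit }')
[[ -n "$SIGNING_KEY" ]] || { printf 'no secret key found for %s\n' "$USER_ID" >&2; exit 1; }

git config --global user.email "$USER_ID"
git config --global user.signingkey "$SIGNING_KEY"
git config --global commit.gpgsign true
git config --global tag.forceSignAnnotated true

# Set trust on key
# Mark our own key ultimately trusted without the interactive `gpg --edit-key`
# dialog. In the ownertrust file format, 6 means ultimate (the interactive
# menu numbers the same level 5).
printf '%s:6:\n' "$SIGNING_KEY" | gpg --import-ownertrust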
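# Set git to use the GPG signing key
#
# Resolves the primary secret key for $UserId and points git at it, with
# signing enabled for commits and annotated tags.
$UserId = "" # GPG email address
if (-not $UserId) { throw "Set `$UserId before running." }

# Read the key from the machine-readable listing: the first 'fpr' record in
# --with-colons output carries the primary key's fingerprint in field index 9.
# Parsing the human-readable listing by line number and column position is
# fragile across GnuPG versions and locales, and silently yields garbage when
# the layout differs.
$FprLine = $(gpg --list-secret-keys --with-colons $UserId) | Where-Object { $_ -like "fpr:*" } | Select-Object -First 1
if (-not $FprLine) { throw "No secret key found for '$UserId'." }

# git accepts the full fingerprint as user.signingkey; it is unambiguous,
# unlike a short or long key id.
$SecKeyId = $FprLine.Split(":")[9]

git config --global user.email $UserId
git config --global user.signingkey $SecKeyId
git config --global commit.gpgsign true
git config --global tag.forceSignAnnotated true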