Install required tools first
$ # ubuntu -- docker-credential-pass is not packaged here; it is fetched from GitHub below
$ sudo apt-get install -y git gnupg pass pinentry-curses
$ # macos (Homebrew) -- docker-credential-helper provides docker-credential-pass
$ brew install git gnupg2 docker-credential-helper pass pinentry-mac
There is no PPA for docker-credential-helper on Ubuntu, so install the `docker-credential-pass` binary directly from the GitHub release:
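#######################################
# Install docker-credential-pass from the latest docker/docker-credential-helpers
# GitHub release into /usr/local/bin (must run as root, like the original
# chown root:root did).
# Globals:   PKGARCH (read) - asset name suffix, defaults to linux-amd64
# Outputs:   diagnostics on stderr
# Returns:   0 on success, 1 if the URL cannot be determined, the download
#            fails, or install(1) fails
#######################################
install_docker_credential_pass() {
  local arch="${PKGARCH:-linux-amd64}"
  local api='https://api.github.com/repos/docker/docker-credential-helpers/releases/latest'
  local dest='/usr/local/bin/docker-credential-pass'
  local url tmp rc

  # Select only the "pass" helper for this arch. The release also ships the
  # other helpers (secretservice, osxkeychain, ...) for the same arch, so
  # matching on the arch suffix alone can return several URLs, and curl
  # would then be handed a multi-line "URL". -f makes curl fail on HTTP
  # errors (e.g. API rate limiting) instead of feeding an error document
  # to jq.
  url="$(curl -fsSL "$api" \
    | jq -r --arg arch "$arch" \
        '[.assets[]
          | select(.name | startswith("docker-credential-pass-") and endswith($arch))
          | .browser_download_url] | first // empty')"
  if [[ -z "$url" ]]; then
    printf 'could not determine download URL for docker-credential-pass (%s)\n' "$arch" >&2
    return 1
  fi

  # Download to a temp file so a failed transfer never leaves a truncated
  # but executable file in PATH; install(1) sets mode and owner in one step.
  tmp="$(mktemp)" || return 1
  if ! curl -fsSL "$url" -o "$tmp"; then
    rm -f -- "$tmp"
    printf 'download failed: %s\n' "$url" >&2
    return 1
  fi
  # TODO(review): compare "$tmp" against the checksum published with the
  # release (<EXPECTED_SHA256_FROM_RELEASE_PAGE>) before installing.
  install -m 0755 -o root -g root -- "$tmp" "$dest"
  rc=$?
  rm -f -- "$tmp"
  return "$rc"
}
install_docker_credential_pass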
Initialize a gpg key in non-interactive mode (for extra security, omit the `%no-ask-passphrase` and `%no-protection` lines below):
$ # Unattended key generation from a parameter file (gpg --batch reads the
$ # heredoc; the quoted 'EOF' keeps the shell from expanding anything).
$ # %no-protection together with %no-ask-passphrase stores the secret key
$ # WITHOUT a passphrase, so anyone who can read ~/.gnupg can sign with it;
$ # drop those two lines to be prompted for a passphrase instead.
$ # Expire-Date: 1y means the key must be extended within a year.
$ # NOTE(review): the Name-Email value looks redacted on this page -- set your own.
$ gpg --batch --generate-key <<'EOF'
%echo Generating gpg key...
Key-Type: default
Subkey-Type: default
Name-Real: John Doe
Name-Email: [email protected]
Name-Comment: GPG
Expire-Date: 1y
%no-ask-passphrase
%no-protection
%commit
%echo done
EOF
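$ gpg --list-secret-keys
$ # Export the public half of the first secret key, addressed by its full
$ # fingerprint. The --with-colons format is stable across gpg versions and
$ # needs no PCRE grep (macOS's BSD grep has no -P); a 16-hex "long id" is
$ # only a truncated fingerprint and, with several keys in the keyring, the
$ # original grep pipeline returned all of them at once.
$ keyfpr="$(gpg --list-secret-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}')"
$ # Guard against an empty id: "gpg --export ''" would not export the intended key.
$ [[ -n "$keyfpr" ]] && gpg --armor --export "$keyfpr" > "${HOME}/.gnupg/john.doe.asc"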
Set the key type explicitly if key generation fails with an error like `gpg: key generation failed: Unknown elliptic curve`:
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
You may import `john.doe.asc` (the exported public key) into your profile on GitHub, GitLab, Bitbucket, etc.
Initialize the password store
$ pass init [email protected]
Now configure gpg-agent. On Ubuntu:
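$ # Point gpg-agent at a terminal pinentry. This overwrites any existing
$ # gpg-agent.conf, as the original did. Note that default-cache-ttl is
$ # capped by max-cache-ttl (gpg-agent default 7200s), so 28800 only takes
$ # full effect if max-cache-ttl is raised as well -- and a longer cache
$ # widens the window in which an unattended session can sign without a
$ # passphrase.
$ pinentry_bin="$(command -v pinentry-curses)" || printf 'pinentry-curses not in PATH\n' >&2
$ # Skip writing the file if no pinentry was found: an empty pinentry-program
$ # line leaves the agent unable to prompt at all.
$ [[ -n "$pinentry_bin" ]] && cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
default-cache-ttl 28800
pinentry-program ${pinentry_bin}
EOF
$ gpg-connect-agent reloadagent /bye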
On macOS use `pinentry-mac` instead; if needed, also disable the keychain to prevent your passphrase from being cached in the macOS keychain:
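$ # macOS variant: same agent config with the GUI pinentry. Overwrites any
$ # existing gpg-agent.conf, as the original did. default-cache-ttl is capped
$ # by max-cache-ttl (gpg-agent default 7200s), so 28800 only takes full
$ # effect if max-cache-ttl is raised too; a longer cache also means a
$ # longer passphrase-free signing window for anyone using the session.
$ pinentry_bin="$(command -v pinentry-mac)" || printf 'pinentry-mac not in PATH\n' >&2
$ # Skip writing the file if no pinentry was found: an empty pinentry-program
$ # line leaves the agent unable to prompt at all.
$ [[ -n "$pinentry_bin" ]] && cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
default-cache-ttl 28800
pinentry-program ${pinentry_bin}
EOF
$ gpg-connect-agent reloadagent /bye
$ # Stop pinentry-mac from offering to store the passphrase in the macOS keychain.
$ defaults write org.gpgtools.common UseKeychain NO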
Configure git
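$ git config --global user.name 'John Doe'
$ git config --global user.email '[email protected]'
$ # command -v is the portable replacement for which(1); quoting keeps a path
$ # containing spaces intact.
$ git config --global gpg.program "$(command -v gpg)"
$ # NOTE(review): credential.credentialStore appears to be read by Git
$ # Credential Manager rather than git itself; it has no effect unless GCM is
$ # installed. Kept as on the page.
$ git config --global credential.credentialStore gpg
$ # Sign with the full fingerprint of the first key in the *secret* keyring:
$ # no PCRE grep (macOS's BSD grep lacks -P), only keys we can actually sign
$ # with are considered, and the original pipeline returned every pub key id
$ # when more than one was present.
$ git config --global user.signingKey "$(gpg --list-secret-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}')"
$ git config --global commit.gpgSign true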
Make gpg prompt on the correct tty (you may want to add this to your `~/.profile`):
$ # gpg-agent needs to know which terminal to put the pinentry on.
$ GPG_TTY=$(tty)
$ export GPG_TTY
$ # Tell the already-running agent about the terminal instead of restarting it.
$ gpg-connect-agent updatestartuptty /bye
Install and configure twine
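$ python -m pip install -U -qq pip setuptools wheel keyring-pass twine
$ # Point keyring at the pass backend. The page wrote the same keyringrc.cfg
$ # under both the config root and the data root with two near-identical
$ # one-liners that never closed the file; both locations are kept, but in
$ # one script, with the file closed and a trailing newline. Any existing
$ # keyringrc.cfg in those locations is overwritten, as before.
$ # NOTE(review): keyring.util.platform_ is an underscore (internal) module
$ # and may move between keyring versions -- confirm against the installed one.
$ python - <<'EOF'
import os
import keyring.util.platform_ as platform_

for root in (platform_.config_root(), platform_.data_root()):
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, "keyringrc.cfg"), "w") as fh:
        fh.write("[backend]\ndefault-keyring = keyring_pass.PasswordStoreBackend\n")
EOF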
Configure Docker
$ jq --arg helper 'pass' -n '.credsStore = $helper' > "${HOME}/.docker/config.json"