Add GPG/OpenPGP secrets engine #1
Reference in New Issue
Block a user
Delete Branch "benvin/gpg-engine"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Provide a transit-style Vault/OpenBao secrets engine whose key material is OpenPGP, so services can sign/verify/encrypt/decrypt with GPG keys that never leave the barrier — and so tools like
passcan encrypt to an exported public key while delegating decryption back to Vault.keys/<name>CRUD+list,config,rotate,import) with private material seal-wrapped underkey/and per-key locking.sign/verify(detached OpenPGP) andencrypt/decryptpaths;decryptauto-detects armored vs raw-binary ciphertext (what pass/gpg write).export/<public-key|private-key>/<name>; public always exportable, private only when the key is marked exportable.gpgandpassinterop.e7dda4bcdato71cc398197