Decrypt gpg files non-interactively inside a Docker container
I am trying to decrypt a gpg file inside a Docker container. Roughly speaking, the Dockerfile does some basic things:
FROM myimage
RUN ...
...
COPY docker-entrypoint.sh /entrypoint
RUN chmod u+x /entrypoint
docker-entrypoint.sh contains:
gpg --decrypt --passphrase=${PASSWORD} /path/to/encrypted/file > /path/to/unencrypted/file
...
exec "$@"
I am running:
docker build -t "myimage" .
docker run -e PASSWORD -ti myimage
I get:
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
usage: gpg [options] --decrypt [filename]
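…as an error. The password environment variable is passed correctly, and the same command runs correctly on my machine.
I tried gpg2, but without success.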
I just found the problem:
gpg --decrypt --passphrase="${PASSWORD}" \
/path/to/encrypted/file > /path/to/unencrypted/file
That is, quotes should be used so that the environment variable is correctly converted to text.
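The following is an added example, not part of the original question or answer: it shows how the unquoted `${PASSWORD}` changes the argument list gpg receives, and goes one step beyond the answer by passing the passphrase on stdin instead of the command line. The sample passphrase with a space and the function names `count_args`, `unquoted_count`, `quoted_count` and `decrypt_file` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample passphrase; the embedded space is an assumption.
PASSWORD='correct horse'

# Echo how many arguments a command would receive in its argv.
count_args() { echo "$#"; }

# The question's form: the shell splits the expanded value on whitespace,
# so gpg would see a stray extra argument and print its usage line.
unquoted_count() {
    # shellcheck disable=SC2086
    count_args --decrypt --passphrase=${PASSWORD} /path/to/encrypted/file
}

# The answer's form: the quoted expansion stays one argument.
quoted_count() {
    count_args --decrypt --passphrase="${PASSWORD}" /path/to/encrypted/file
}

# Hypothetical entrypoint helper: feed the passphrase on stdin so it never
# appears in gpg's command line (visible to other processes via ps).
# Runs in a subshell so umask and positional parameters do not leak out.
decrypt_file() (
    src=$1 dst=$2
    : "${PASSWORD:?PASSWORD is not set}"
    umask 077                      # plaintext readable by the owner only
    set -- --batch --yes --passphrase-fd 0
    # GnuPG 2.1+ needs loopback pinentry; older 1.4/2.0 lack the option.
    case $(gpg --version | head -n 1) in
        *' 1.'*|*' 2.0.'*) ;;
        *) set -- "$@" --pinentry-mode loopback ;;
    esac
    # printf is a shell builtin, so the passphrase is not in any argv.
    printf '%s' "$PASSWORD" | gpg "$@" --output "$dst" --decrypt "$src"
)

echo "unquoted: $(unquoted_count) args, quoted: $(quoted_count) args"
```

In the entrypoint, `decrypt_file /path/to/encrypted/file /path/to/unencrypted/file` would take the place of the redirected gpg line.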