A docker container to encrypt files using a public GPG key
Configuration is done via environment variables:

- `ENCRYPT_RECIPIENT`: GPG recipient to encrypt to, i.e. anything `gpg --recipient` accepts for a key in the container's keyring (key ID, full fingerprint or e-mail address). Prefer the full fingerprint, so that a second key carrying the same e-mail address can never be selected by mistake.
- `ENCRYPT_AFTER_MINUTES`: Encrypt matching files whose mtime is at least the configured number of minutes old (default: 60). Files that are still being written keep a fresh mtime and are left alone until the next run.
- `ENCRYPT_GLOB`: Pattern of files to encrypt, supports bash globbing. You can provide multiple patterns separated by a space (default: `/data/pcaps/*.{pcap,har} /data/hars/*.har`).
- `ENCRYPT_INTERVAL`: Interval between runs, in seconds; set to an empty string to disable the periodic run (default: 3600, i.e. one hour).
Example run, with the periodic interval disabled, every file directly under `/data` in scope and a one-hour (60 minute) age threshold. Only the public key needs to be present in the mounted `keys` directory; the private key must stay off this host:

```sh
docker run --rm -v $PWD/keys:/keys -v /your/folder/to/encrypt:/data/ -e ENCRYPT_INTERVAL='' -e ENCRYPT_GLOB='/data/*' -e ENCRYPT_AFTER_MINUTES='60' -e ENCRYPT_RECIPIENT='[email protected]' lblod/file-encryption-service
```
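The selection step the variables above describe, as an added illustrative re-implementation in Python (this is not the service's own code, whose internals this page does not show): each space-separated `ENCRYPT_GLOB` pattern is expanded with bash-style brace expansion, files whose mtime is at least `ENCRYPT_AFTER_MINUTES` old and that do not already have an encrypted twin are kept, and a non-interactive `gpg --encrypt` command is built for `ENCRYPT_RECIPIENT`. The `<name>.gpg` output convention and the `--trust-model always` flag are assumptions made here.

```python
import glob
import os
import re
import subprocess
import time


def brace_expand(pattern):
    """bash-style {a,b} expansion; nested and repeated groups are handled.
    'x/*.{pcap,har}' -> ['x/*.pcap', 'x/*.har']"""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[: m.start()], pattern[m.end():]
    expanded = []
    for alternative in m.group(1).split(","):
        expanded.extend(brace_expand(head + alternative + tail))
    return expanded


def select_files(encrypt_glob, after_minutes, now=None):
    """Return the plaintext files due for encryption, in pattern order.

    encrypt_glob:  space-separated patterns, as in ENCRYPT_GLOB
    after_minutes: minimum age of the file's mtime, as in ENCRYPT_AFTER_MINUTES
    now:           reference time in epoch seconds; defaults to the wall clock
    """
    now = time.time() if now is None else now
    cutoff = now - after_minutes * 60
    selected = []
    for pattern in encrypt_glob.split():
        for expanded in brace_expand(pattern):
            for path in sorted(glob.glob(expanded)):
                if not os.path.isfile(path):
                    continue
                # Assumed convention: ciphertext is written next to the input as
                # <name>.gpg. Skip ciphertexts and inputs that already have one.
                if path.endswith(".gpg") or os.path.exists(path + ".gpg"):
                    continue
                # A file still being written has a fresh mtime and is left alone.
                if os.stat(path).st_mtime <= cutoff:
                    selected.append(path)
    return selected


def gpg_encrypt_command(path, recipient):
    """gpg invocation for one file. --batch/--yes keep it non-interactive.
    A key imported into the container's keyring has unknown ownertrust, so
    --trust-model always is required (assumption: the mounted keys directory
    is the trust anchor); that is also why the recipient should be the key's
    full fingerprint rather than an e-mail address."""
    return [
        "gpg", "--batch", "--yes", "--trust-model", "always",
        "--encrypt", "--recipient", recipient,
        "--output", path + ".gpg", path,
    ]


def encrypt_due_files(encrypt_glob, after_minutes, recipient):
    """One pass of the loop: encrypt everything select_files() returns.
    Returns the list of files that were encrypted."""
    done = []
    for path in select_files(encrypt_glob, after_minutes):
        subprocess.run(gpg_encrypt_command(path, recipient), check=True)
        done.append(path)
    return done


if __name__ == "__main__":
    # Same defaults as the configuration section; ENCRYPT_RECIPIENT is mandatory.
    encrypt_due_files(
        os.environ.get("ENCRYPT_GLOB", "/data/pcaps/*.{pcap,har} /data/hars/*.har"),
        int(os.environ.get("ENCRYPT_AFTER_MINUTES", "60")),
        os.environ["ENCRYPT_RECIPIENT"],
    )
```

Brace expansion is done explicitly because bash does not expand braces that come out of a variable such as `$ENCRYPT_GLOB`; only patterns written literally on the command line get it.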
If at some point you wish to replace the GPG key (because it was revoked or will expire soon), add the new public key to the keys directory and remove the old key from the container's keyring with `docker exec -it [container-name] gpg --delete-key [key-id]`. You can list the imported keys and their IDs with `docker exec -it [container-name] gpg --list-keys`. Before pointing `ENCRYPT_RECIPIENT` at the new key, compare the fingerprint shown by `gpg --list-keys` with one obtained out of band from the key's owner; and remove the old key file from the keys directory as well, so a recreated container does not import it again. Note that files already encrypted to the old key can only be decrypted with the old private key, so that key must be kept (offline and protected) for as long as those files matter.
- generate a key: `gpg --gen-key`
- export a public key (the only key material the container needs): `gpg --output gpgkey.gpg --armor --export [key-id]`
- export a private key: `gpg --armor --export-secret-keys [key-id] > file.asc` (without `--armor` the output is binary; keep this file off the host that runs the container)
- import a private key: `gpg --import [file]`
- decrypt a file: `gpg --decrypt [file]` (writes the plaintext to stdout; add `--output [name]` to write it to a file instead)
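The key lifecycle listed above, carried through end to end as an added example (not code from the project): a key is generated unattended in one GPG home directory standing in for the key owner, only its public half is exported and imported into a second home directory standing in for the container, the imported fingerprint is compared with the owner's copy (the check the key-replacement step above calls for), a file is encrypted to it, and the owner decrypts the result. The home directories, the owner name and the e-mail address `[email protected]` are constructed for the demonstration; the `--trust-model always` flag on the container side is an assumption, made because an imported key has no ownertrust.

```python
import shutil
import subprocess
import tempfile


def gpg(homedir, *args, stdin=None):
    """Run gpg non-interactively against a private keyring directory.
    Returns stdout as bytes; a non-zero exit raises CalledProcessError."""
    result = subprocess.run(
        ["gpg", "--homedir", homedir, "--batch", "--yes", *args],
        input=stdin, capture_output=True, check=True,
    )
    return result.stdout


def primary_fingerprints(homedir, key_id=None):
    """Full 40-hex-digit fingerprints of primary keys, parsed from the
    machine-readable --with-colons listing (the fpr line that follows pub)."""
    args = ["--with-colons", "--list-keys"] + ([key_id] if key_id else [])
    fprs, after_pub = [], False
    for line in gpg(homedir, *args).decode().splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            after_pub = True
        elif fields[0] == "fpr" and after_pub:
            fprs.append(fields[9])
            after_pub = False
    return fprs


def generate_key(homedir, name, email):
    """Unattended equivalent of `gpg --gen-key`. %no-protection means no
    passphrase, acceptable here only because the key is throwaway."""
    params = (
        "%no-protection\n"
        "Key-Type: RSA\nKey-Length: 2048\n"
        f"Name-Real: {name}\nName-Email: {email}\n"
        "Expire-Date: 0\n%commit\n"
    )
    gpg(homedir, "--gen-key", stdin=params.encode())
    return primary_fingerprints(homedir, email)[0]


def export_public_key(homedir, key_id):
    """`gpg --armor --export`: this is what goes into the keys directory."""
    return gpg(homedir, "--armor", "--export", key_id)


def import_public_key(homedir, armored):
    """`gpg --import` on the container side; returns the fingerprints now in
    the keyring so the caller can compare them with a copy obtained out of band."""
    gpg(homedir, "--import", stdin=armored)
    return primary_fingerprints(homedir)


def round_trip(plaintext, email="[email protected]"):
    """Owner generates; container imports, verifies and encrypts; owner decrypts.
    Returns (owner fingerprint, container fingerprints, decrypted bytes)."""
    owner, container = tempfile.mkdtemp(), tempfile.mkdtemp()  # created 0700
    try:
        fpr = generate_key(owner, "Example Owner", email)
        imported = import_public_key(container, export_public_key(owner, fpr))
        if imported != [fpr]:
            raise RuntimeError("imported key does not match the expected fingerprint")
        # Encrypt by fingerprint, never by e-mail address, so a second key with
        # the same address can never be picked.
        ciphertext = gpg(container, "--trust-model", "always",
                         "--encrypt", "--recipient", fpr, stdin=plaintext)
        decrypted = gpg(owner, "--decrypt", stdin=ciphertext)
        return fpr, imported, decrypted
    finally:
        for home in (owner, container):
            # gpg 2.x starts an agent per home directory; stop it before cleanup.
            subprocess.run(["gpgconf", "--homedir", home, "--kill", "gpg-agent"],
                           capture_output=True)
            shutil.rmtree(home, ignore_errors=True)


if __name__ == "__main__":
    fingerprint, _, recovered = round_trip(b"captured traffic\n")
    print(fingerprint, recovered == b"captured traffic\n")
```

The container side never sees a private key: `export_public_key` is the whole of what is mounted into `/keys`, and decryption only succeeds in the owner's home directory, which is exactly the property the service relies on.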