Sending us sensitive content using GPG¶
The GPG public keyring for the DevOps team can be used to securely send files or emails to us.
Encrypt a file online¶
You can use this tool to securely encrypt a file to send to us via email. The data does not leave your web browser. All encryption is done entirely on your own device.
Firstly, select recipients for the file:
Secondly, paste the contents of the file:
And finally send us the encrypted contents using the appropriate method listed on the contact page.
Encrypting secrets via the command line¶
Here are some handy commands to keep around for using GPG to communicate with us. These instructions assume that:
- you have GPG installed and
- are relatively familiar with using the command line.
Listing contents of the public keyring¶
Download our GPG public keyring and use the following command:
gpg --list-keys --no-default-keyring --keyring ./teampubkeys.gpg
Encrypting a file to send to us¶
Download our GPG public keyring and use the
following command to encrypt a file named
foo.txt so that
email@example.com can decrypt it:
gpg --no-default-keyring --keyring ./teampubkeys.gpg --armour \ --recipient firstname.lastname@example.org \ --recipient email@example.com \ --encrypt foo.txt
The recipient email address must match those listed in the public keyring.
The use of
--no-default-keyring helps ensure that the key you use for a
recipient is one from our team keyring and not a personal key.
Updating the public key ring¶
If you're a DevOps division member, you can open a merge request on the
docs/downloads/teampubkeys.gpg. To import your public key
into the keyring:
gpg --no-default-keyring --keyring ./teampubkeys.gpg --import [KEYFILE]
[KEYFILE] is your public key. The GPG manual has a page on extracting
your public key.
If the command appears to have no effect, see if you have "use-keyboxd"
~/.gnupg/common.conf. If present, comment it out with an initial
before running the command above. Make sure to restore this file to its
original state after importing the key.