I'm using Vagrant for building and signing my Debian/Ubuntu packages, but I'd prefer to not have to copy my GPG keys into the virtual machine just to sign packages. It just feels insecure. Is there any way to forward my local gpg-agent socket so it can be used in Vagrant?
I know that OpenSSH 6.7 has support for socket forwarding, but for the moment I'd prefer to not replace the OpenSSH 6.2 included with OSX 10.10, since software updates are bound to blow away any changes made to SSH installed via homebrew.
All the gpg/ssh/socat tutorials I've found depend on the deprecated GPG_AGENT_INFO. How are others using GPG on remote hosts without transferring their keys?
I'd guess most are using subkeys for this task, which can be easily revoked and exchanged if necessary. You could also pass a smartcard reader into the virtual machine. Software installed via homebrew should not be affected by system updates at all, as they all go into /usr/local. – Jens Erat – 2015-06-01T20:46:37.710
@Jens-erat That's a really interesting angle. Certainly worth investigating. – notpeter – 2015-06-02T00:29:07.880
Possible duplicate of How can I forward a gpg key via ssh-agent? – phs – 2016-10-02T22:03:20.017
This was useful to me. – phs – 2016-12-05T18:54:45.957