Feature: PGP Asymmetric Encryption (#456)

* feat: asym encryption * tests * docs * refactor * logs & errs * comment * Update docs/reference/index.md use correct env var in example Co-authored-by: Frederik Ring <frederik.ring@gmail.com> * Update cmd/backup/encrypt_archive.go use errwarp for initial error msg Co-authored-by: Frederik Ring <frederik.ring@gmail.com> * rm orphaned code in encryption functions * inline readArmoredKeys * naming -GPG_PUBLIC_KEYS- to GPG_PUBLIC_KEY_RING * add eror handling for closing func * use dynamically generated keys for testing * rm explicit gpg-agent start * rm unnecessary private_key export * pass PASSPHRASE correctly to the decryption command * capture defer errors * log & err msg --------- Co-authored-by: Frederik Ring <frederik.ring@gmail.com>
2026-04-18 06:55:36 +02:00 · 2024-08-11 10:11:23 +02:00
parent f97ce11734
commit 8a64da4b0b
8 changed files with 191 additions and 15 deletions
--- a/docs/how-tos/encrypt-backups-using-gpg.md
+++ b/docs/how-tos/encrypt-backups-using-gpg.md
@@ -8,7 +8,7 @@ nav_order: 7
 # Encrypt backups using GPG

 The image supports encrypting backups using GPG out of the box.
-In case a `GPG_PASSPHRASE` environment variable is set, the backup archive will be encrypted using the given key and saved as a `.gpg` file instead.
+In case a `GPG_PASSPHRASE` or `GPG_PUBLIC_KEY_RING` environment variable is set, the backup archive will be encrypted using the given key and saved as a `.gpg` file instead.

 Assuming you have `gpg` installed, you can decrypt such a backup using (your OS will prompt for the passphrase before decryption can happen):