Docker Community Forums

Share and learn in the Docker community.

Dockerize everything - run gpg inside container


(Larry Liang) #1


I’m using Docker tools box for Mac.

I’d like to be able to run gpg inside a container and use the container to decrypt my secrets (the gpg secret key is guarded by a passphrase). The decrypted secrets (in plain text) will be piped into another command as the input arguments. i.e.

docker run -it --rm -v ./.gupg:/root/.gupg ubuntu:latest ‘gpg -d aws_key.gpg’

The above command works well when running docker using “-it”. I can put in the passphrase for the secrete key interactively and see the secrets in plain text on the stdout. In this case, the decrypted text are aws key and id:
AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxx AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxx

However, I do not get prompted for putting in the passphrase anymore if I run the command using eval. such as
eval $(docker run -it --rm -v ./.gupg:/root/.gupg ubuntu:latest gpg -d aws_key.gpg)

In this case I lose the interactive shell with the container. For your information, the reason I use “eval” cmd here is to init local shell vars of aws secrets for the following command to use to call aws sts service.

I think this probably has something to do with mapping the docker stdin and stdout. But I’m not sure how to do that exactly.

I’d be greatly appreciated if someone could shed some lights on this one.