Vault Plugin: GPG Secret Backend
This is a standalone plugin for HashiCorp Vault.
This plugin handles GPG operations on data-in-transit in a similar fashion to what the
transit secret backend proposes.
Data sent to the backend are not stored.
As of today, the backend does not support encrypting data.
This backend has similar use cases with the transit secret backend
and the latter should be preferred if you do not need to interact with existing tools that are only GPG-aware.
Usage & setup
This is a Vault plugin, you need to have a working installation
of Vault to use it.
To learn how to use plugins with Vault, see the documentation on plugin backends
on the official Vault website. You can download and decompress the pre-compiled plugin binary for your architecture
from the latest release on GitHub. SHA256 checksum for the
pre-compiled plugin binary is also provided in the archive so it can be registered to your Vault plugin catalog.
All archives available from the release tab on GitHub.
All archives are signed using Cosign:
$ cosign verify-blob <file> --bundle <file>.bundle \
--certificate-oidc-issuer='https://token.actions.githubusercontent.com' \
--certificate-identity-regexp='https://github.com/LeSuisse/vault-gpg-plugin/\.github/workflows/Release\.yml'
Once mounted in Vault, this plugin exposes this HTTP API.