You are viewing docs from the master branch, some of these features are not yet released.

salt.states.gpg¶

Manage GPG keychains¶

New in version 2016.3.0.

salt.states.gpg.absent(name, keys=None, user=None, gnupghome=None, keyring=None, keyring_absent_if_empty=False, **kwargs)¶

Ensure a GPG public key is absent from the keychain.

name: The key ID of the GPG public key.
keys: The key ID or key IDs to remove from the GPG keychain.
user: Remove GPG keys from the specified user's keychain.
gnupghome: Override GnuPG home directory.
keyring: Limit the operation to this specific keyring, specified as a local filesystem path.

New in version 3007.0.
keyring_absent_if_empty: Make sure to not leave behind an empty keyring file if keyring was specified. Defaults to false.

New in version 3007.0.

salt.states.gpg.present(name, keys=None, user=None, keyserver=None, gnupghome=None, trust=None, keyring=None, source=None, skip_keyserver=False, text=None, **kwargs)¶

Ensure a GPG public key is present in the GPG keychain.

name: The key ID of the GPG public key.
keys: The key ID or key IDs to add to the GPG keychain.
user: Add GPG keys to the specified user's keychain.
keyserver: The keyserver to retrieve the keys from.
gnupghome: Override GnuPG home directory.
trust: Trust level for the key in the keychain, ignored by default. Valid trust levels: expired, unknown, not_trusted, marginally, fully, ultimately
keyring: Limit the operation to this specific keyring, specified as a local filesystem path.

New in version 3007.0.
source: A (list of) path(s)/URI to retrieve the key(s) from. By default, this works as a backup option in case retrieving a key from the keyserver fails.

Note

All listed sources will be iterated over in order until the first one found to contain the requested key. If multiple keys are managed in a single state, the effective sources are allowed to differ between keys.

Important

Internally, this uses gpg.read_key to list keys in the sources. If a source is not a keyring, on GnuPG <2.1, this can lead to unintentional decryption.

New in version 3008.0.
skip_keyserver: Do not attempt to retrieve the key from the keyserver, only use source. Irrelevant when text is passed. Defaults to false.

New in version 3008.0.
text: Instead of retrieving the key(s) to import from a keyserver/URI, import them from this (armored) string.

Note

name or keys must still specify the expected key ID(s), so this cannot be used to indiscriminately import a keyring. Requires python-gnupg v0.5.1.

New in version 3008.0.

Generated on March 06, 2024 at 18:46:05 UTC.

You are viewing docs built from a recent snapshot of the master branch. Switch to docs for the latest stable release, 3007.0.

saltproject.io