Importing GPG keys during deployment

I have a Django app and am using python-gnupg to encrypt files before storing them on S3.

As part of that, I need to import a GPG public key to do the encryption. In my build.sh, I have a command gpg --import filename.asc.

In the deployment logs, it says something like this:

gpg: key 0A92B0XXXXXXX49B: "Human Name <human@domain.example>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

That’s weird, because how could the filesystem already have the key?

Then, after deployment, I log in and do a gpg --list-keys, and the key isn’t there! In fact, it’s like the .gnupg directory was never created.

Does anyone have any idea what’s going on? Does the deployment occur in some environment that clears part of the filesystem after deployment?

Update: Clearing the build cache and deploying gets rid of the “unchanged” message and the logs seem to indicate that the public key is successfully imported. But the entire ~/.gnupg directory is missing if I shell in after the deployment is complete.

Is something clearing the user render’s home directory after the deployment? Separately, are there some docs on what the build cache is or what exactly it is caching?

Hi,

Build & runtime containers are different. Only files within /opt/render/project/ are taken from build to runtime. Maybe try setting your PGP Home Directory within that path with the GNUPGHOME env var, or --homedir option.

Alan

1 Like
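The approach suggested in the reply above, written out for build.sh. This is an added example, not code from the thread or from Render. The `PERSIST_ROOT` variable, the `.gnupg` subdirectory name and both function names are assumptions. `/opt/render/project` and `filename.asc` come from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. /opt/render/project is the path named in
# the reply; PERSIST_ROOT, the .gnupg subdirectory and both function names are
# assumptions made for this example.
PERSIST_ROOT="${PERSIST_ROOT:-/opt/render/project}"

# Return 0 only if $1 lies strictly below $PERSIST_ROOT.
# This is a string check: symlinks are not resolved.
keyring_persists() {
  case "$1" in
    */../*|*/..) return 1 ;;          # reject parent-directory hops
    "$PERSIST_ROOT"/?*) return 0 ;;   # inside the directory carried to runtime
    *) return 1 ;;
  esac
}

# Import a public key into a keyring that survives the build container.
# Return codes: 2 keyring outside PERSIST_ROOT, 3 key file unreadable,
# 4 cannot create keyring dir, 5 import failed, 6 keyring has no public key.
import_build_key() {
  key_file="$1"
  gpg_home="${GNUPGHOME:-$PERSIST_ROOT/.gnupg}"

  if ! keyring_persists "$gpg_home"; then
    echo "GNUPGHOME=$gpg_home is outside $PERSIST_ROOT and will not reach runtime" >&2
    return 2
  fi
  [ -r "$key_file" ] || { echo "cannot read $key_file" >&2; return 3; }

  # gpg warns about a home directory that other users can access, so use 0700.
  mkdir -p "$gpg_home" && chmod 700 "$gpg_home" || return 4
  export GNUPGHOME="$gpg_home"

  gpg --batch --import "$key_file" || return 5

  # Fail the build now rather than discover an empty keyring at runtime.
  gpg --batch --list-keys --with-colons | grep -q '^pub:' || return 6
}

# In build.sh:
#   import_build_key filename.asc || exit 1
```

The runtime process has to see the same keyring, so set the same `GNUPGHOME` value in the service's environment or pass the path to python-gnupg as `gnupg.GPG(gnupghome=...)`.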
