StackExchange / blackbox

Safely store secrets in Git/Mercurial/Subversion
MIT License

Secret key not available when decrypting multiple files #235

Open charlesverdad opened 6 years ago

charlesverdad commented 6 years ago

Running blackbox_postdeploy and blackbox_decrypt_all_files both output this error:

 % blackbox_decrypt_all_files
========== Importing keychain: START
gpg: Total number processed: 12
gpg:              unchanged: 12
========== Importing keychain: DONE
========== Decrypting new/changed files: START
gpg: decryption failed: secret key not available

But when I run blackbox_cat <file> or blackbox_edit_start <file> one by one for each file, it is able to decrypt all files successfully.

I installed blackbox using the Zgen way in Ubuntu 16.04

Versions:

charles@leopard ~ % gpg --version
gpg (GnuPG) 2.2.1
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/charles/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
charles@leopard ~ % pinentry --version
pinentry-curses (pinentry) 1.0.0
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

TomOnTime commented 6 years ago

Interesting issue!

Do the filenames have spaces or other special chars in them? (if you could list the files, that'd be awesome)

charlesverdad commented 6 years ago

@TomOnTime Nope, only dashes in some files. Here's a list of some of the files:

charles@leopard:~/abelian-group/kubernetes/helm/secret-values/all$ ls -1 *.gpg
db.yaml.gpg
gcp-creds.yaml.gpg
global.yaml.gpg
jira-bigquery-loader.yaml.gpg
prometheus.yaml.gpg

Though it might not be related to the filename since it works fine for my other teammates.

TomOnTime commented 6 years ago

Interesting. If you figure out what is different about your environment, please let us know. I'd like to add it to the docs to help future people.

Could it be related to this? https://github.com/StackExchange/blackbox#some-common-errors