voxpupuli / hiera-eyaml

A backend for Hiera that provides per-value asymmetric encryption of sensitive data
MIT License

Gpg recrypt emits error about missing pkcs7 key #317

Open phutterman opened 3 years ago

phutterman commented 3 years ago

I'm able to decrypt, edit, and save files with encrypted values, but the recrypt command is consistently failing with an error about pkcs7 public key even when I'm specifying as completely as I can think to that I'm using gpg.

For example:

$ eyaml recrypt -n gpg  --gpg-gnupghome=/Users/nfutterman/.gnupg --gpg-always-trust --gpg-recipients-file=../puppet/hiera-eyaml-gpg.recipients file.yaml

Resolving dependencies...
[hiera-eyaml-core] No such file or directory @ rb_sysopen - ./keys/public_key.pkcs7.pem

Apologies if I'm doing something wrong here.

(And this is on ruby 2.6.6 on OS X with hiera-eyaml 3.2.1, hiera-eyaml-gpg 0.7.4, gpgme 2.0.20)

Edit: this looks like it's related to https://github.com/voxpupuli/hiera-eyaml/issues/301 (as that also looks like it's describing the same thing, recrypt trying to use pkcs7 instead of gpg, and it's failing in my case because I don't have pkcs7 keys configured/present)

jess-belliveau commented 2 years ago

@phutterman, I'm actually hitting this now working with some ancient eyaml - did you find a fix/workaround in the end?

edit: I managed to get past this by specifying gpg:

eyaml recrypt --encrypt-method=gpg --change-encryption=gpg hieradata/path/to/eyaml/file.eyaml

heini commented 1 year ago

Can confirm the workaround works. However, I don't want to change the encryption method. It is gpg and will stay gpg, so this option shouldn't be needed.

Please change question to bug.