{"id":21133362,"url":"https://github.com/purpleclay/gpg-import","last_synced_at":"2026-06-01T07:01:02.028Z","repository":{"id":172930629,"uuid":"642664038","full_name":"purpleclay/gpg-import","owner":"purpleclay","description":"Import and configure GPG signing for git","archived":false,"fork":false,"pushed_at":"2026-05-28T07:15:14.000Z","size":305,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-28T08:18:00.654Z","etag":null,"topics":["ci","git","gpg","gpg-import","rust","signing"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/purpleclay.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-05-19T04:33:44.000Z","updated_at":"2026-05-28T07:10:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"2f8fb980-343d-452d-8f6c-7e919e0fb205","html_url":"https://github.com/purpleclay/gpg-import","commit_stats":null,"previous_names":["purpleclay/gpg-import"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/purpleclay/gpg-import","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/purpleclay%2Fgpg-import","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/purpleclay%2Fgpg-import/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/purpleclay%2Fgpg-import/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/purpleclay%2Fgpg-import/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/purpleclay","download_url":"https://codeload.github.com/purpleclay/gpg-import/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/purpleclay%2Fgpg-import/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33763655,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","git","gpg","gpg-import","rust","signing"],"created_at":"2024-11-20T06:07:42.489Z","updated_at":"2026-06-01T07:01:01.961Z","avatar_url":"https://github.com/purpleclay.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GPG Import\n\n![Nix](https://img.shields.io/badge/Nix-5277C3?logo=nixos\u0026logoColor=white)\n![Rust](https://img.shields.io/badge/Rust-CE412B?logo=rust\u0026logoColor=white)\n[![MIT](https://img.shields.io/badge/MIT-gray?logo=github\u0026logoColor=white)](LICENSE)\n\nImport and configure GPG signing for git. Runs on Linux and MacOS.\n\n## Features\n\n- Import GPG keys in ASCII armored format (_optionally base64 encoded for CI environments_).\n- Configure local or global git signing settings.\n- Preset GPG agent passphrase for non-interactive signing.\n- Set key trust level.\n- Select a specific key or subkey for signing via fingerprint.\n- Override committer identity independently from the GPG key.\n- Dry-run mode to preview changes without applying them.\n\n## Install\n\nTo install the latest version using a bash script:\n\n```sh\nsh -c \"$(curl https://raw.githubusercontent.com/purpleclay/gpg-import/main/scripts/install)\"\n```\n\nDownload a specific version using the `-v` flag. The script uses `sudo` by default but can be disabled through the `--no-sudo` flag. You can also provide a different installation directory from the default `/usr/local/bin` by using the `-d` flag:\n\n```sh\nsh -c \"$(curl https://raw.githubusercontent.com/purpleclay/gpg-import/main/scripts/install)\" \\\n  -- -v 0.3.0 --no-sudo -d ./bin\n```\n\n## Run with Nix\n\nIf you have nix installed, you can run the binary directly from the GitHub repository:\n\n```sh\nnix run github:purpleclay/gpg-import -- --help\n```\n\n## Prerequisites\n\n[Generate](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key) a GPG key and export it as an ASCII armored private key:\n\n```sh\ngpg --armor --export-secret-key batman@dc.com\n```\n\nFor CI environments that don't handle multiline secrets well, you can base64 encode the key:\n\n```sh\ngpg --armor --export-secret-key batman@dc.com | base64\n```\n\n## Quick Start\n\nSet the `GPG_PRIVATE_KEY` environment variable (and optionally `GPG_PASSPHRASE`), then run:\n\n```sh\n$ gpg-import\n\n\u003e Detected GnuPG:\nversion: 2.4.5 (libgcrypt: 1.10.3)\nhomedir: /root/.gnupg\n\n\u003e Imported GPG key:\nuser:           batman \u003cbatman@dc.com\u003e\nfingerprint:    85E1AA4D4F9FE316A8F452DDEF48BE1DFBFA8BA5\nkeygrip:        99A0B6DD933CC25D0DC8D36299B4F51A9E3DD8C9\nkey_id:         EF48BE1DFBFA8BA5\ncreated_on:     Wed, 11 Jun 2025 04:36:06 +0000\nexpires_on:     Thu, 11 Jun 2026 04:36:06 +0000 (in 364 days)\nsub_keygrip:    A6780D53C3236724F960FD8AC07848F38C66CF48\nsub_key_id:     008183F9F50359D1\nsub_created_on: Wed, 11 Jun 2025 04:36:06 +0000\nsub_expires_on: Fri, 11 Jul 2025 04:36:59 +0000 (in 29 days)\n\n\u003e Setting Passphrase:\nkeygrip: 99A0B6DD933CC25D0DC8D36299B4F51A9E3DD8C9 [EF48BE1DFBFA8BA5]\nkeygrip: A6780D53C3236724F960FD8AC07848F38C66CF48 [008183F9F50359D1]\n\n\u003e Setting Trust Level:\ntrust_level: 5 [EF48BE1DFBFA8BA5]\n\n\u003e Git config set (local):\nuser.name:       batman\nuser.email:      batman@dc.com\nuser.signingKey: AE799E2DEB4AFE11\ncommit.gpgsign:  true\ntag.gpgsign:     true\npush.gpgsign:    if-asked\n```\n\n## Configuration\n\nAll options can be set via CLI flags or environment variables:\n\n| Flag                    | Environment Variable      | Description                                                |\n| ----------------------- | ------------------------- | ---------------------------------------------------------- |\n| `-k, --key`             | `GPG_PRIVATE_KEY`         | GPG private key (use `-` for stdin or `@path` for file) |\n| `-p, --passphrase`      | `GPG_PASSPHRASE`          | Passphrase for the GPG key                                 |\n| `-f, --fingerprint`     | `GPG_FINGERPRINT`         | Fingerprint of a specific key or subkey to use for signing |\n| `-t, --trust-level`     | `GPG_TRUST_LEVEL`         | Trust level for the key (1-5)                              |\n| `-s, --skip-git`        | `GPG_SKIP_GIT`            | Skip git configuration                                     |\n| `--git-global-config`   | `GPG_GIT_GLOBAL_CONFIG`   | Apply git config globally instead of locally               |\n| `--git-committer-name`  | `GPG_GIT_COMMITTER_NAME`  | Override committer name                                    |\n| `--git-committer-email` | `GPG_GIT_COMMITTER_EMAIL` | Override committer email                                   |\n| `--dry-run`             | `GPG_DRY_RUN`             | Preview changes without applying them                      |\n\n### Trust Levels\n\n| Level | Description               |\n| ----- | ------------------------- |\n| 1     | I don't know or won't say |\n| 2     | I do NOT trust            |\n| 3     | I trust marginally        |\n| 4     | I trust fully             |\n| 5     | I trust ultimately        |\n\n## Examples\n\n### Basic import with passphrase\n\n```sh\ngpg-import --key \"$GPG_PRIVATE_KEY\" --passphrase \"$GPG_PASSPHRASE\"\n```\n\n### Import from stdin\n\nPipe a key directly from GPG:\n\n```sh\ngpg --armor --export-secret-key batman@dc.com | gpg-import --key -\n```\n\n### Import from file\n\nRead a key from a file:\n\n```sh\ngpg-import --key @/path/to/private.key\n```\n\n### Global git configuration\n\nApply signing configuration to your global git config instead of the local repository:\n\n```sh\ngpg-import --key \"$GPG_PRIVATE_KEY\" --git-global-config\n```\n\n### Using a specific subkey\n\nSelect a specific subkey for signing by its fingerprint:\n\n```sh\ngpg-import --key \"$GPG_PRIVATE_KEY\" --fingerprint \"A6780D53C3236724F960FD8AC07848F38C66CF48\"\n```\n\n### Override committer identity\n\nUse a different committer identity than the one in the GPG key:\n\n```sh\ngpg-import --key \"$GPG_PRIVATE_KEY\" \\\n  --git-committer-name \"Bruce Wayne\" \\\n  --git-committer-email \"bruce@wayne.enterprises\"\n```\n\n### Dry run\n\nPreview what would happen without making any changes:\n\n```sh\ngpg-import --key \"$GPG_PRIVATE_KEY\" --dry-run\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpurpleclay%2Fgpg-import","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpurpleclay%2Fgpg-import","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpurpleclay%2Fgpg-import/lists"}