Generate pgp keys for sops.

2025-12-21 14:17:31 -05:00
parent cd313e673b
commit 651a97d126
3 changed files with 65 additions and 1 deletions
--- a/nix/kubernetes/keys/package/pgp-key/package.nix
+++ b/nix/kubernetes/keys/package/pgp-key/package.nix
@@ -0,0 +1,50 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+  stdenv,
+  gnupg,
+  key_name,
+  expire_date ? "0",
+  pgp_comment ? "${key_name}",
+  pgp_name ? "${key_name}",
+  ...
+}:
+stdenv.mkDerivation (finalAttrs: {
+  name = "pgp-key-${key_name}";
+  nativeBuildInputs = [ gnupg ];
+  buildInputs = [ ];
+
+  unpackPhase = "true";
+
+  buildPhase = ''
+    mkdir keyring
+    export GNUPGHOME=$(readlink -f keyring)
+
+    gpg --batch --full-generate-key <<EOF
+    %no-protection
+    Key-Type: 1
+    Key-Length: 4096
+    Subkey-Type: 1
+    Subkey-Length: 4096
+    Expire-Date: ${expire_date}
+    Name-Comment: ${pgp_comment}
+    Name-Real: ${pgp_name}
+    EOF
+
+
+  '';
+
+  installPhase = ''
+    export GNUPGHOME=$(readlink -f keyring)
+    mkdir "$out"
+    gpg --export-secret-keys --armor "${pgp_name}" > "$out/${key_name}_private_key.asc"
+    gpg --export --armor "${pgp_name}" > "$out/${key_name}_public_key.asc"
+  '';
+})