Tags: docker, encryption, gnupg

Decrypt gpg files non-interactively inside a Docker container


I am trying to decrypt a gpg file inside a docker container. Roughly speaking the Dockerfile does basic stuff:

FROM myimage
RUN ...
...
COPY docker-entrypoint.sh /entrypoint
RUN chmod u+x /entrypoint

The docker-entrypoint.sh contains:

gpg --decrypt --passphrase=${PASSWORD} /path/to/encrypted/file > /path/to/unencrypted/file
...
exec "$@"

I'm doing:

docker build -t "myimage" .
docker run -e PASSWORD -ti myimage

And I am getting:

gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
usage: gpg [options] --decrypt [filename]

…as an error. The password environment var is being passed correctly, and that same command runs correctly on my machine.

I have tried with gpg2 with no success.


Solution

  • I just discovered the issue:

    gpg --decrypt --passphrase="${PASSWORD}" \
        /path/to/encrypted/file > /path/to/unencrypted/file
    

    i.e. quotes should be used in order for the environment variable to be properly transformed to text.
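The following script is an added example, not code from the question or the answer above. It reproduces the word-splitting behind the `usage:` error without needing gpg installed (a constructed passphrase containing a space is passed unquoted and quoted, and the number of arguments gpg would actually receive is counted), and then shows a `decrypt_file` helper for the entrypoint that feeds the passphrase to gpg on stdin instead of on the command line, so the secret does not show up in `ps`, `/proc/<pid>/cmdline` or container logs. `decrypt_file` assumes GnuPG 2.1 or later (for `--pinentry-mode loopback`); the `PASSWORD` variable name and the `/path/to/...` paths are taken from the question.

```shell
#!/bin/sh
# Added example (not part of the original post): why the unquoted form
# breaks, and an entrypoint helper that keeps the passphrase off argv.

# Print how many arguments a command line actually delivers.
count_args() {
    echo "$#"
}

# Constructed sample passphrase containing a space, as a real one may.
PASSWORD="correct horse"

# The question's form: ${PASSWORD} is unquoted, so the shell splits it on
# whitespace and gpg sees "horse" as an extra positional argument, which
# is what triggers "usage: gpg [options] --decrypt [filename]".
unquoted_arg_count() {
    # shellcheck disable=SC2086  # unquoted on purpose to reproduce the bug
    count_args --decrypt --passphrase=${PASSWORD} /path/to/encrypted/file
}

# The answer's form: quoting keeps the passphrase as one argument.
quoted_arg_count() {
    count_args --decrypt --passphrase="${PASSWORD}" /path/to/encrypted/file
}

# Hardened entrypoint helper: the passphrase is written to gpg's stdin
# (--passphrase-fd 0) rather than placed in argv, so it is not visible to
# other processes in the container. --batch plus --pinentry-mode loopback
# (GnuPG 2.1+, assumed here) lets gpg accept a piped passphrase without an
# agent prompt. Returns 2 without calling gpg when PASSWORD is unset or empty.
decrypt_file() {
    in="$1"
    out="$2"
    if [ -z "${PASSWORD:-}" ]; then
        echo "PASSWORD is not set; refusing to run gpg" >&2
        return 2
    fi
    printf '%s\n' "$PASSWORD" | gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --decrypt --output "$out" "$in"
}

# Entrypoint usage (the original used a shell redirection; --output is
# used here so the ciphertext path can be the sole positional argument):
#   decrypt_file /path/to/encrypted/file /path/to/unencrypted/file
```

Running `unquoted_arg_count` prints 4 and `quoted_arg_count` prints 3: the unquoted form hands gpg an extra argument, exactly the situation gpg reports with its usage line. In the entrypoint, `docker run -e PASSWORD` still supplies the variable, but with `decrypt_file` the value only travels over the pipe to gpg.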