I commonly use hiera-eyaml-gpg inside Hiera in Puppet and came across quite an interesting problem.
Let's assume we have everything ready to encrypt secrets in YAML:
- ruby-dev package installed
- gpg agent working and handling the local keyring
So let's assume we have all of the above and we want to edit some YAML with encrypted variables. EYAML keeps all allowed keys in
hiera-eyaml-gpg.recipients, and keys that are missing from our local keyring can be searched for and imported from any remote server:
    gpg --keyserver pgp.mit.edu --search-keys <ID|email>
While adding new encrypted variables and trying to save the file I started to have this error when writing:
    ... [hiera-eyaml-core] Unusable public key
I tried to debug with both verbose logging and strace but wasn't able to figure it out.
While checking the GPG setup around the agent and config, I noticed an old revoked key in my local keyring:
    pub   rsa2048/E3545A56 2016-03-14 [SC] [revoked: 2016-03-17]
    uid         [ revoked] Bartlomiej Jakubowski (natur) <email@example.com>
Now it's kind of obvious, but when looking for this I had no idea this could be a problem. I will call it a good lesson for the future :)
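
A check for the situation described above, as an added example that is not part of the original post or of hiera-eyaml-gpg: it compares the recipients file with the colon-format keyring listing and reports entries that resolve to a revoked, expired, invalid or disabled key. The one-recipient-per-line file layout, the function name and the sample key IDs are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of hiera-eyaml-gpg.
# Reads `gpg --list-keys --with-colons` output on stdin and prints every entry
# of the recipients file ($1) that matches a revoked (r), expired (e),
# invalid (i) or disabled (d) key, as "recipient keyid validity".
# Assumption: one key ID or e-mail address per line, "#" starts a comment.
# Real use: gpg --list-keys --with-colons | unusable_recipients hiera-eyaml-gpg.recipients
unusable_recipients() {
  awk -F: -v file="$1" '
    function id_match(keyid, r) {          # true when r is a hex suffix of keyid
      r = toupper(r); sub(/^0X/, "", r)
      return (r ~ /^[0-9A-F]+$/) && length(r) >= 8 &&
             substr(keyid, length(keyid) - length(r) + 1) == r
    }
    BEGIN {                                # load recipients, drop comments and blanks
      while ((getline line < file) > 0) {
        sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
        if (line != "") want[line] = 1
      }
    }
    $1 == "pub" { validity = $2; keyid = toupper($5) }  # field 2 validity, field 5 key ID
    $1 == "uid" && validity ~ /^[reid]$/ {              # field 10 holds the user ID
      for (r in want)
        if ((index(tolower($10), "<" tolower(r) ">") || id_match(keyid, r)) &&
            !seen[r, keyid]++)
          print r, keyid, validity
    }
  ' | sort
}

# Constructed sample listing: one revoked key, one valid key (key IDs are made up).
sample_listing='pub:r:2048:1:0123456789ABCDEF:1457913600:::-:::sc:
uid:r::::1457913600::::Old Key <old@example.com>:
pub:u:4096:1:FEDCBA9876543210:1500000000:::u:::scESC:
uid:u::::1500000000::::Good Key <good@example.com>:'

# Constructed recipients file, checked against the sample listing.
recipients=$(mktemp)
printf '%s\n' '# constructed' 'old@example.com' 'good@example.com' > "$recipients"
printf '%s\n' "$sample_listing" | unusable_recipients "$recipients"
rm -f "$recipients"
```

Any line it prints names a recipient that gpg cannot encrypt to until the stale key is removed from the keyring or the recipient entry is updated.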