Skip to content

Commit

Permalink
update docs
Browse files Browse the repository at this point in the history
  • Loading branch information
TheRealFalcon committed Oct 21, 2024
1 parent 5c8743a commit 2d60e45
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions doc/rtd/howto/pgp.rst
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,18 @@ Export the private key of the encrypting user:
$ gpg --export-secret-keys encrypting_user > /etc/cloud/keys/encrypting_user.gpg
Remove key ring
---------------

.. note::
This step is optional but recommended for a clean image.

Remove the keyring that was generated upon creating our first key:

.. code-block:: bash
$ rm -r ~/.gnupg/
Why export keys?
----------------

Expand All @@ -152,6 +164,15 @@ require that cloud-init only process PGP messages. To do so, create a file
user_data:
require_signature: true
Clean cloud-init
================

This is to ensure that cloud-init runs as if it were first boot:

.. code-block:: bash
$ cloud-init clean --logs
Retrieve our encrypted and signed user data
===========================================

Expand Down

0 comments on commit 2d60e45

Please sign in to comment.