
The following paragraph in the official docs describes how to enable GPG key sharing (from localhost to Remote Container) in VSCode (https://code.visualstudio.com/docs/remote/containers#_sharing-gpg-keys).

The instructions (for Linux) simply state that to share GPG keys, install gnupg2 locally and in the container. But what if I have gnupg2 installed but I don’t want to have the keys shared? From what I can tell, VSCode execs post-startup commands within the container where the key sharing gets done, e.g.:

Copy /home/karlschriek/.gnupg/pubring.kbx to /home/vscode/.gnupg/pubring.kbx
Copy /home/karlschriek/.gnupg/trustdb.gpg to /home/vscode/.gnupg/trustdb.gpg
...

I have not been able to find a setting that will prevent this. It is also, presumably, using the same gpg-agent as the localhost. I would like to prevent this.

2 Answers


  1. Since this behavior does not seem configurable, I would

    • move those files into a custom folder (outside ~/.gnupg), and reference it with the GNUPGHOME environment variable
    • write a remote VSCode starter script which would launch VSCode after a local export GNUPGHOME=""

    That way, VSCode would search for gnupg files to share in the default ~/.gnupg folder, which is not used in your case.

    It is a simple workaround, not an exact solution, but one simple enough to test.

  2. Just to add another detail which might help someone: notice that you have to install gnupg locally and in the container. I was running into issues with a gnupg command failing during startup and was able to solve it by removing gnupg in my Dockerfile (it had been installed automatically).

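The workaround from the first answer, written out as a launcher with a pre-flight check (an added example, not code from the answers or from VS Code). It assumes the real keyring has already been moved to a custom GNUPGHOME and that the `code` CLI is on PATH; the function names and the `--launch` argument are hypothetical, and the file list combines the two files from the copy log in the question with GnuPG's other standard keyring names.

```shell
#!/bin/sh
# Pre-flight check for the "relocated keyring" workaround.
# Assumption (from the answer, not verified against VS Code): key sharing
# only looks in the default ~/.gnupg folder when GNUPGHOME is empty.

# Files seen in the question's copy log, plus GnuPG's other keyring names
# and the directory that holds secret keys on GnuPG 2.1+.
KEYRING_ITEMS="pubring.kbx trustdb.gpg pubring.gpg secring.gpg private-keys-v1.d"

# Print every keyring item still present in directory $1.
# Returns 0 if the directory is clean, 1 if anything was found.
leftover_keyring_items() {
    dir=$1
    found=0
    for item in $KEYRING_ITEMS; do
        if [ -e "$dir/$item" ]; then
            printf '%s\n' "$dir/$item"
            found=1
        fi
    done
    return "$found"
}

# Start VS Code with GNUPGHOME cleared, but only if the default folder
# holds nothing that could be copied into a container.
launch_vscode_without_keys() {
    default_home="$HOME/.gnupg"
    if ! leftover_keyring_items "$default_home" >&2; then
        echo "refusing to start: key material still in $default_home" >&2
        return 1
    fi
    # Cleared for this one command only; the shell you sign from keeps
    # its own GNUPGHOME pointing at the relocated keyring.
    GNUPGHOME="" code "$@"
}

# Run only when invoked as: sh <this script> --launch [code args...]
if [ "${1:-}" = "--launch" ]; then
    shift
    launch_vscode_without_keys "$@"
fi
```

The check only covers files on disk; it says nothing about whether the container can still reach the host's gpg-agent, which the question also raises.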