Skip to content

Actions: Encrypt


Input: stream

Output: stream

Unaction: yes


Name Type Description Optional
passphrase str Defines a passphrase that will be used to decrypt the data Yes
recipients List[str] List of emails that will be able to decrypt the data Yes
cipherAlgorithm str Changes the cipher algorithm Yes
cypherAlgorithm str Alias for cypherAlgorithm Yes
compressAlgorithm str Selects the compress algorithm, if not set, then will be uncompressed (default) Yes

At least one recipient must be defined. If no recipients are defined, a passphrase must be provided. Both can be defined.


Encrypts the data using gpg (gpg 2) command. If recipients are defined, then the users that own that keys will be able to decrypt the data. If passphrase is defined, then this passphrase will be used to encrypt the data. Both can be defined so if a user owns a key and is able to decrypt the data, the passphrase will be asked as well. The cipher and compress valid algorithms can be queried by issuing the command gpg --version. By default the compress algorithm is uncompressed.


The recipient keys must be imported previously. The action will not import any key.


Cypher a database backup

- name: encrypt gpg task example
    - postgres-database:
        database: 'example'
    - encrypt-gpg:
        passphrase: mdbackup
        recipients: [, ]
    - to-file:
        path: 'example.sql.asc'