problems with sharing a repo's encryption key #225
Description
Summary
We were trying to share access to an encrypted deployment repository using plural crypto share as per https://docs.plural.sh/advanced-topics/security/secret-management#share-a-repo
It does not work as expected though as it's not possible for any other user (logged in correctly with the mentioned accounts) to clone and decrypt the repo.
Reproduction
With a deployment SA [email protected] we created the repo, and after installing the kubeflow-aws we followed the following steps:
setup:
dev2-at-onplural-sh on main on ☁️ at-kf1 (eu-central-1) on ☁️
❯ plural crypto setup-keys --name sharekey
Public key uploaded successfully
dev2-at-onplural-sh on main on ☁️ at-kf1 (eu-central-1) on ☁️
❯ plural crypto share --email [email protected]
dev2-at-onplural-sh on main [!] on ☁️ at-kf1 (eu-central-1) on ☁️
❯ plural crypto share --email [email protected]
dev2-at-onplural-sh on main [!] on ☁️ at-kf1 (eu-central-1) on ☁️
❯ git add .
dev2-at-onplural-sh on main [+] on ☁️ at-kf1 (eu-central-1) on ☁️
❯ git commit -m "share key"
dev2-at-onplural-sh on main [⇡] on ☁️ at-kf1 (eu-central-1) on ☁️
❯ git push
On the other end the user [email protected] should have been able to decrypt the repo but that was unsuccessful:
(base) rosko@AT-NB-182:~/git_repos/kubesoup/dev2-at-onplural-sh$ plural crypto init
Creating git encryption filters
2022/08/23 17:47:26 no identity matched any of the recipientsThere is also no public key listed in app.plural.sh after this process.
Plural UI/UX Issue Screenshots
Message from the maintainers:
Impacted by this bug? Give it a 👍. We factor engagement into prioritization.