problems with sharing a repo's encryption key #225
Description
Summary
We were trying to share access to an encrypted deployment repository using plural crypto share as per https://docs.plural.sh/advanced-topics/security/secret-management#share-a-repo
It does not work as expected though as it's not possible for any other user (logged in correctly with the mentioned accounts) to clone and decrypt the repo.
Reproduction
With a deployment SA dev2.at.onplural.sh@alexanderthamm.com we created the repo, and after installing the kubeflow-aws we followed the following steps:
setup:
dev2-at-onplural-sh on main on ☁️ at-kf1 (eu-central-1) on ☁️
❯ plural crypto setup-keys --name sharekey
Public key uploaded successfully
dev2-at-onplural-sh on main on ☁️ at-kf1 (eu-central-1) on ☁️
❯ plural crypto share --email hans.rauer@alexanderthamm.com
dev2-at-onplural-sh on main [!] on ☁️ at-kf1 (eu-central-1) on ☁️
❯ plural crypto share --email rostislav.nedelchev@alexanderthamm.com
dev2-at-onplural-sh on main [!] on ☁️ at-kf1 (eu-central-1) on ☁️
❯ git add .
dev2-at-onplural-sh on main [+] on ☁️ at-kf1 (eu-central-1) on ☁️
❯ git commit -m "share key"
dev2-at-onplural-sh on main [⇡] on ☁️ at-kf1 (eu-central-1) on ☁️
❯ git push
On the other end the user rostislav.nedelche@alexanderthamm.com should have been able to decrypt the repo but that was unsuccessful:
(base) rosko@AT-NB-182:~/git_repos/kubesoup/dev2-at-onplural-sh$ plural crypto init
Creating git encryption filters
2022/08/23 17:47:26 no identity matched any of the recipientsThere is also no public key listed in app.plural.sh after this process.
Plural UI/UX Issue Screenshots
Message from the maintainers:
Impacted by this bug? Give it a 👍. We factor engagement into prioritization.