descriptionsafely store server secrets
last changeMon, 29 Oct 2018 15:53:47 +0000 (15:53 +0000)

regpg - safely store server secrets

The regpg program is a thin wrapper around gpg for looking after secrets that need to be stored encrypted in a version control system (so you don't have to trust the VCS server) and decrypted when your configuration management system deploys them to servers.



Download the single-file regpg perl script: and its GPG signature.

Download the full source archives and GPG signatures:


If you use regpg, let me know! Send me mail at

If you would like to submit a bug report or a patch, or if you would like more information about regpg's licence, see doc/


For a simple one-file install you can copy the regpg script to a directory on your $PATH.

You can run make install to install the script and man page to the standard places in your home directory, and make uninstall to remove them. See the start of the Makefile for variables you can set on the command line to adjust the install location. See doc/ for details about building from git.


To use regpg you need the following programs. I've listed the versions that I have tested.

You only need the following programs if you use regpg's helper subcommands.

You only need the following to build from git.


You can clone or browse the repository from:


Thanks to Jon Warbrick who gave me the idea for regpg's key management; and David Carter, Ben Harris, Ian Lewis, David McBride, mchubby, and Matthew Vernon for helpful bug reports and discussions.

Written by Tony Finch
at Cambridge University Information Services.

regpg is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

regpg is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with regpg. If not, see

2018-10-29 Tony Finchregpg: pod markup error master
2018-10-01 Tony Finchtest: better sanity checks for genpwd crypt output
2018-10-01 Tony Finchregpg: use quiet mode for genpwd crypt output
2018-10-01 Tony Finchregpg genpwd: make it feasible to copy-type a password
2018-10-01 Tony Finchtest: fix reference to Apache's HTTP/0.9 flag
2018-09-12 Tony Finchregpg-0.106.X
2018-09-12 Tony Finchregpg-0.106 regpg-0.106
2018-09-12 Tony Finchansible: port to 2.5 and 2.6
2018-09-12 Tony Finchtest: ensure git has a name and email to use when commi...
2018-09-12 Tony Finchtest: avoid racing with the `regpg depipe` fifo cleanup
2018-09-12 Tony Finchtest: ensure `gpg --list-packets` is quiet on stderr
2018-09-10 Tony Finchregpg-0.105.X
2018-09-10 Tony Finchregpg-0.105 regpg-0.105
2018-09-10 Tony Finchregpg: genspkifp can now fetch server certificates
2018-08-22 Tony FinchREADME: make the download links more prominent
2018-08-22 Tony Finchregpg-0.104.X
4 months ago regpg-0.106 regpg-0.106
4 months ago regpg-0.105 regpg-0.105
4 months ago regpg-0.104 regpg-0.104
11 months ago regpg-0.103 regpg-0.103
11 months ago regpg-0.102 regpg-0.102
11 months ago regpg-0.101 regpg-0.101
11 months ago regpg-0.100 regpg-0.100
13 months ago regpg-0.99 regpg-0.99
13 months ago regpg-0.98 regpg-0.98
13 months ago regpg-0.97 regpg-0.97
13 months ago regpg-0.96 regpg-0.96
13 months ago regpg-0.95 regpg-0.95
13 months ago regpg-0.94 regpg-0.94
13 months ago regpg-0.93 regpg-0.93
13 months ago regpg-0.92 regpg-0.92
14 months ago regpg-0.91 regpg-0.91
2 months ago master