Signature verification is a security measure to ensure you can only ever install a binary that is built and signed by Doppler. After successfully implementing binary signature verification as an optional part of the CLI install and update process in 2021 (via install.sh), we’re moving to make this a requirement.
Starting February 9, 2022, the GnuPG package will be required when installing the CLI via the shell script (install.sh) method or when updating the CLI via
If GnuPG is already installed, there is nothing to do!
If GnuPG is not installed and you’re on Linux, you have two options:
- Change your CLI installation command to use the package manager version for your OS which also installs GnuPG (recommended)
- Install the GnuPG package prior to running the shell script install.sh command
For macOS users, simply run
brew install gnupg and you’re good to go!
Updated 8 months ago