I'd like to be able to implement the following behaviour:
An admin should be asked for the passphrase to the GPG production key during Rails server startup in production.
The passphrase should not be stored anywhere other than RAM.
Decryption capabilities should not be available in rake tasks or the rails console.
A gpg-agent seems out of the question, since any process launched by the same user the Rails server runs as would be able to decrypt content.
A passphrase callback for the GPGME class asking for the passphrase seems to be the best solution (although tricky to implement because of the start-stop-daemon wrapper in /etc/init.d/unicorn, which grabs stdin).
Am I missing something? Are there any security holes with such a setup? What would be a better solution? Many thanks.
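The passphrase-callback approach the question sketches, written out as an added example (not code from the original post or from the gpgme gem). It prompts on the controlling terminal instead of $stdin, since the start-stop-daemon wrapper owns stdin, keeps the passphrase in process memory only, and exposes it through a callback with the five-argument signature the Ruby gpgme gem documents for `GPGME::Ctx.new(passphrase_callback: ...)`. The gem is not loaded here, the `ProductionKey` module name is hypothetical, and the injectable `input:`/`output:` streams exist only so the flow can be exercised without a terminal.

```ruby
require 'io/console'   # IO#noecho for the terminal prompt
require 'stringio'     # lets tests inject an in-memory stream instead of /dev/tty

# Added illustration, not part of the original post.  Holds the GPG production
# key passphrase in process memory only and hands it to GPGME on demand.  The
# gpgme gem itself is not loaded in this file.
module ProductionKey
  @passphrase = nil

  # Prompt once for the passphrase.  start-stop-daemon has taken over $stdin,
  # so talk to the controlling terminal (/dev/tty) directly; this raises
  # Errno::ENXIO if the process has no controlling terminal at all.  Call this
  # only from the server boot path (config/unicorn.rb or config.ru), never from
  # an initializer, so rake and the console never hold the secret.
  def self.unlock!(input: File.open('/dev/tty', 'r+'), output: input)
    output.write('GPG production key passphrase: ')
    output.flush
    entered = input.tty? ? input.noecho(&:gets) : input.gets
    output.write("\n")
    raise 'no passphrase entered' if entered.nil? || entered.chomp.empty?
    @passphrase = entered.chomp
    true
  ensure
    [input, output].uniq.each { |io| io.close unless io.closed? }
  end

  def self.unlocked?
    !@passphrase.nil?
  end

  # Forget the passphrase, e.g. before spawning anything that must not have it.
  def self.lock!
    @passphrase = nil
  end

  # Callback in the shape the gpgme gem expects: gpgme supplies a raw file
  # descriptor and wants the passphrase followed by a newline written to it.
  # autoclose is off because the descriptor belongs to gpgme, which closes it.
  # A process that never called unlock! (rake, console) gets an exception
  # here instead of a decryption.
  def self.passphrase_callback(_hook, _uid_hint, _passphrase_info, _prev_was_bad, fd)
    raise 'production key is locked in this process' unless unlocked?
    io = IO.for_fd(fd, 'w', autoclose: false)
    io.puts(@passphrase)
    io.flush
    nil
  end
end

# Wiring in the unicorn master once the gpgme gem is loaded (not executed here):
#   ProductionKey.unlock!
#   ctx = GPGME::Ctx.new(passphrase_callback: ProductionKey.method(:passphrase_callback))
```

Two caveats on the threat model. Keeping the passphrase only in the unicorn master's memory (and, after fork, in each worker) does not stop another process running as the same Unix user from reading it out with ptrace unless the kernel restricts same-user tracing (for example Yama's ptrace_scope), so the gap the question identifies with gpg-agent is narrowed rather than closed. With GnuPG 2.1 or later the passphrase callback is only consulted when the GPGME context uses loopback pinentry mode; otherwise gpg-agent and pinentry are used regardless of the callback.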