2 min read

ARGOCD_GPG_ENABLED: How to Disable GPG on ArgoCD

ARGOCD_GPG_ENABLED: How to Disable GPG on ArgoCD

Most of the time you would want to keep GPG enabled, but sometimes you’re not ready to deal with a bunch of GPG secrets (altho if there’s enough interest I will write a small tutorial on how to automate adding these secrets to your cluster and bind them with your argo projects)

Don’t forget to subscribe button as that’ll encourage me writing more of these small tips


Adding the information to the ConfigMap

First thing you want to do is add variable you will reference to the ConfigMap that the ArgoCD Server uses (you could also hardcode it directly to the Deployment but I would suggest the ConfigMap for readability and to keep the structure in place)

To add to the configmap simply run this command, it will let you edit the current information in the ConfigMap

kubectl -n argocd edit cm/argocd-cmd-params-cm

Add the following line anywhere under “data” (it will sort it when saved):

server.enable.gpg: "false"

Disabled GPG into the Pods

Referencing `server.enable.gpg` in the `argocd-server` deployment (`ARGOCD_GPG_ENABLED=false`)

Run the following commands:

kubectl -n argocd edit deployments/argo-cd-argocd-server

Add this snippet under spec.template.spec.containers[0].env:

         - name: ARGOCD_GPG_ENABLED
               key: server.enable.gpg
               name: argocd-cmd-params-cm
               optional: true

Repeat the same for the following 3:

kubectl -n argocd edit deployments/argo-cd-argocd-repo-server
kubectl -n argocd edit deployments/argo-cd-argocd-applicationset-controller
kubectl -n argocd edit statefulset.apps/argo-cd-argocd-application-controller

The above will tell the deployment to add the environment variable `ARGOCD_GPG_ENABLED=false` (`server.enable.gpg=false` in the referenced configmap)

Alternative you can do this directly on the deployment/statefulset:

kubectl -n argocd get statefulset.apps/argo-cd-argocd-application-controller -o yaml | grep ARGOCD_GPG -A 1 -B 3
          value: "1"
        - name: ARGOCD_GPG_ENABLED
          value: "false"

Done, the pod should restart itself, now no need to sign the git commits

More information about disabling gpg: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/#disabling-the-feature


I suggest not doing the above in production, or when your repository is public because anyone can alter the deployment without a review or by mistake.

The GPG check is to ensure that someone authorized altered the deployment configuration, it is worth it to add them (even manually) to your argocd server and to your argo project, altho if you don’t know you can do this using the argocd terraform provider made by the community (You can look at my writing here for a tutorial: https://seraf.dev/argocd-tutorial-with-terraform-af77ddea2e6e

Thanks for reading! Don’t forget to hit follow ;)