clout-init apt-key "invalid armor header"

May 26, 2018 237 views
Initial Server Setup Debian

I am using cloud-init to provision my droplet with custom apt repositories, and I have the public keys inline using this form:

    - arches: [default]
      search_dns: true
    - arches: [default]
      search_dns: true
      source: "deb stretch main"
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v1
        -----END PGP PUBLIC KEY BLOCK-----

And I get this error in /var/log/cloud-init-output.log

2018-05-26 11:05:19,807 -[ERROR]: failed to add apt GPG Key to apt keyring
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/config/", line 530, in add_apt_key_raw
    util.subp(['apt-key', 'add', '-'], data=key.encode(), target=target)
  File "/usr/lib/python3/dist-packages/cloudinit/", line 1850, in subp
cloudinit.util.ProcessExecutionError: Unexpected error while running command.
Command: ['apt-key', 'add', '-']
Exit code: 2
Reason: -
Stdout: -
Stderr: Warning: apt-key output should not be parsed (stdout is not a terminal)
        gpg: invalid armor header: mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+\n
2018-05-26 11:05:19,811 -[WARNING]: Running module apt-configure (<module 'cloudinit.config.cc_apt_configure' from '/usr/lib/python3/dist-packages/cloudinit/config/'>) failed

This seems to be a bug in cloud-init, but I can't even figure out a workaround. I've tried putting the key in the YAML as a flow scalar instead of a block scalar, but that gave the same error (at a different point in the key input).

Be the first one to answer this question.