gpg-multi-key

# GPG Multi-Key

Advanced strategies for managing multiple GPG keys across different contexts: personal development, CI/CD automation, multi-client consultant work, and enterprise environments.

## Overview

Multi-key GPG strategies enable:

- **Separation of concerns:** Personal vs automation vs client keys
- **Risk isolation:** Compromised key in one context doesn't affect others
- **Identity management:** Different email addresses for different clients
- **Security flexibility:** Different passphrase/expiration policies per context

This skill covers scaling from single-key (basic setup) to sophisticated multi-key architectures.

## When to Use This Skill

This skill should be used when:

- Setting up CI/CD automation with GPG signing (GitHub Actions, GitLab CI)
- Managing multiple client identities as a consultant
- Implementing per-client key isolation strategies
- Configuring Git conditional includes for automatic key switching
- Planning GPG key strategies for growing teams
- Balancing security (passphrase protection) with automation (no passphrase)
- Migrating from single-key to multi-key setup
- Understanding security trade-offs for different key types

## Prerequisites

Before using multi-key GPG strategies:

- **GPG installed:** Run `gpg --version` (should show GnuPG 2.2+)
- **Git installed:** Run `git --version` (should show Git 2.23+ for conditional includes)
- **Basic GPG familiarity:** See `git:gpg-signing` skill for single-key setup basics
- **For CI/CD scenarios:** GitHub/GitLab repository access and Secrets management permissions
- **For consultant scenarios:** Organized directory structure (`~/Clients/` recommended)

## Strategy Selection Guide

### Quick Decision Matrix

| Scenario | Keys Needed | Passphrase | Expiration | Reference |
| --- | --- | --- | --- | --- |
| **Personal development only** | 1 key | Yes | No (or 2y) | Basic Setup |
| **Personal + CI/CD** | 2 keys | Personal: Yes, Automation: No | No | [Scenario 2](#scenario-2-personal--ci