I couldn't see this documented anywhere so I wanted to raise it here.
Editing encrypted credentials appears to fail on GPG version 1.x when working with a large number of credentials (119 in our case), including some PEM certificates.
» gpg
zsh: command not found: gpg
» brew install gpg
[...snip...]
» gpg --version
gpg (GnuPG) 1.4.19
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
» bundle exec eyaml edit -n gpg --gpg-recipients-file gpg_recipients/preview_hiera_gpg.rcp hieradata/preview_credentials.yaml
[gpg] !!! Warning: General exception decrypting GPG file
[hiera-eyaml-core] !!! Bad file descriptor
[hiera-eyaml-core] ["/Users/matt/bundles/ruby/1.9.1/gems/gpgme-2.0.7/lib/gpgme/ctx.rb:391:in `decrypt'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-gpg-0.4/lib/hiera/backend/eyaml/encryptors/gpg.rb:149:in `decrypt'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb:15:in `encrypted_value'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb:80:in `create_enc_token'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb:100:in `create_token'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:71:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:74:in `parse_scanner'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:36:in `parse'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/subcommands/edit.rb:36:in `execute'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/CLI.rb:45:in `execute'", "/Users/matt/bundles/ruby/1.9.1/gems/hiera-eyaml-2.0.3/bin/eyaml:13:in `<top (required)>'", "/Users/matt/bundles/ruby/1.9.1/bin/eyaml:23:in `load'", "/Users/matt/bundles/ruby/1.9.1/bin/eyaml:23:in `<main>'"]
» brew remove gpg
» brew install gpg2
» gpg2 --version
gpg (GnuPG) 2.0.29
libgcrypt 1.6.4
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
» gpg --version
gpg (GnuPG/MacGPG2) 2.0.28
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
I haven't gotten to the bottom of why - I presume it's something to do with the way the gpgme library invokes the gpg binary over and over for each string to be encrypted.