Quick Tip

Securely Share Sensitive Data with `gpg` and Process Substitution

Challenge: You need to securely transmit a sensitive file to another user or system, but you want to avoid writing the unencrypted file to disk even temporarily.

The Solution: Leverage `gpg` for encryption and Bash’s process substitution to pipe the data directly from your source to `gpg` without an intermediate file.

gpg --recipient 'Recipient Name or Email' --encrypt --output - <(cat sensitive_data.txt) > encrypted_data.gpg

Why it works: The `<(cat sensitive_data.txt)` syntax creates a special file descriptor (a “pipe”) that `gpg` can read from as if it were a regular file. The data from `sensitive_data.txt` is piped directly into `gpg`’s standard input, encrypted, and then redirected to `encrypted_data.gpg` without ever being written in plaintext to the filesystem.

Pro-Tip: For automated decryption on the receiving end, you can use `gpg –decrypt –output – < encrypted_data.gpg | your_command_here` to pipe the decrypted content directly to another command.

Linux Tips & Tricks | © ngelinux.com | 4/25/2026