why does GPG store different things in a bash var compared to a file

Question

I am trying to decrypt a file to a bash variable and then pipe that to zcat and then pipe that mysql. Sending the output to file is not an option as it is a specified requirement.

so what I have is:

temp=$(gpg --batch --quiet --yes --passphrase=XXXXXX --decrypt file.sql.gz.gpg)
{ zcat preprocess.sql.gz; echo $temp | zcat; } | mysql -u$DB_USER -p$DB_PWD --host=$DB_HOST $DB_ID

The response is a correctly unzipped preprocess file followed by:

zcat: stdin is encrypted -- not supported

However when I do:

gpg --batch --quiet --yes --passphrase=XXXXXX --decrypt file.sql.gz.gpg > tempfile.sql.gz
zcat preprocess.sql.gz tempfile.sql.gz | mysql -u$DB_USER -p$DB_PWD --host=$DB_HOST $DB_ID

It works as expected. However as I said we do not want any decrypted files hanging around on the server for any length of time (some of the mysl imports take hours) so writing the file and then deleting it is not a starter.

So the question is why does gpg store something different in the $temp variable as compared to the file? and what can I do about it

Answer 1

However as I said we do not want any decrypted files hanging around on the server for any length of time ...

Instead of saying:

temp=$(gpg --batch --quiet --yes --passphrase=XXXXXX --decrypt file.sql.gz.gpg)
{ zcat preprocess.sql.gz; echo $temp | zcat; } | mysql -u$DB_USER -p$DB_PWD --host=$DB_HOST $DB_ID

say:

{ zcat preprocess.sql.gz; gpg --batch --quiet --yes --passphrase=XXXXXX --decrypt file.sql.gz.gpg | zcat; } | mysql -u$DB_USER -p$DB_PWD --host=$DB_HOST $DB_ID

And you'd even avoid a variable holding decrypted data!