In-memory Gpg Signing (or Possibly Using A Temporary Keyring)

I'm working on a web app that needs to create GPG signatures for files as they're uploaded by someone on staff. However, for security, I don't want to keep the signing key on the w

Solution 1:

This answer on superuser might give you some ideas. It's written for encrypting with a public key, but it would be easy to adapt. The long and short: you could use gpg --homedir SOMEDIR, where SOMEDIR was a directory on a tmpfs filesystem like the traditional /dev/shm.