Avoiding GPG ncurses Prompts in Automation Pipelines

GPG ncurses interfaces appear when GnuPG runs in a non-graphical environment and needs user input. Most often, this happens when signing, encrypting, or decrypting files inside a TTY session or CI/CD job. Instead of sending output to stdout, GPG invokes its pinentry program, which, in a default Linux configuration, uses ncurses to draw a text-based UI.

This behavior is fine for interactive sessions but blocks scripts and containers. In automation, an ncurses password prompt is a dead stop. To prevent it, use a loopback pinentry or redirect GPG to a mode that reads passphrases from a file descriptor. For example:

gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE"-o output.gpg -c input.txt

In many distributions, pinentry-curses is the binary that triggers ncurses mode. Replacing or reconfiguring it lets you bypass the interactive prompt. You can install pinentry-tty or pinentry-gtk-2 for different environments. The ~/.gnupg/gpg-agent.conf file accepts pinentry-program declarations to control which UI GPG uses. Reload the agent with:

gpgconf --reload gpg-agent

When debugging GPG ncurses hangs, check if GPG_TTY is set. Without it, even the interactive ncurses screen can behave unpredictably. Run:

export GPG_TTY=$(tty)

In CI/CD contexts, remove ncurses prompts entirely by forcing loopback mode, disabling TTY pinentry calls, and setting all required environment variables within your job definition.

By controlling how and when GPG launches ncurses, you unlock faster, fully automated encryption and signing pipelines. This improves build reliability, deployment speed, and security posture without manual intervention.

See how Hoop.dev can run secure GPG operations without ncurses prompts—get it live in minutes.