
@rich-nahra
Last active May 5, 2020 11:42
#!/bin/bash
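#######################################
# Encrypt $file for the recipient $client and write ASCII-armored output.
# Globals:   file (read), client (read), encrypted_file (read)
# Outputs:   error message on stderr when a required value is missing
# Returns:   gpg's exit status; 2 when a required global is empty
#######################################
encryptAction() {
  if [[ -z "${file:-}" || -z "${client:-}" || -z "${encrypted_file:-}" ]]; then
    echo "encrypt requires -f <file>, -c <client> and -e <encrypted_file>" >&2
    return 2
  fi
  # SECURITY: --trust-model always skips key-validity checks, so any key in the
  # keyring whose user ID matches $client is accepted as the recipient. This is
  # only safe if the keyring is populated exclusively from verified keys;
  # otherwise pass a full fingerprint as the recipient.
  # Quoting keeps paths with spaces or glob characters as single arguments, and
  # "--" stops a file name that starts with "-" from being read as an option.
  gpg --trust-model always --encrypt --armor \
    --output "$encrypted_file" --recipient "$client" -- "$file"
}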
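#######################################
# Decrypt $encrypted_file into $file, reading the key passphrase from
# /home/rich/secrets/<client>.
# Globals:   file (read), client (read), encrypted_file (read)
# Outputs:   error message on stderr when a value is missing or unsafe
# Returns:   gpg's exit status; 2 when validation fails
#######################################
decryptAction() {
  if [[ -z "${file:-}" || -z "${client:-}" || -z "${encrypted_file:-}" ]]; then
    echo "decrypt requires -f <file>, -c <client> and -e <encrypted_file>" >&2
    return 2
  fi
  # SECURITY: $client becomes part of the passphrase-file path. Rejecting path
  # separators and dot entries keeps the lookup inside the secrets directory.
  case "$client" in
    */* | . | ..)
      echo "Invalid client name: $client" >&2
      return 2
      ;;
  esac
  # The passphrase is read from a file rather than passed on the command line,
  # so it does not show up in the process list. Quoting keeps each path a single
  # argument; "--" ends option parsing before the input file name.
  gpg --no-tty --pinentry-mode=loopback --batch \
    --passphrase-file="/home/rich/secrets/$client" \
    --decrypt --output "$file" -- "$encrypted_file"
}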
#future. then remove import lines in dockerfile. this way, image doesn't contain imported keys.
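#######################################
# Placeholder for importing a client's key at container run time.
# Not called anywhere yet; the intended command is kept commented out below.
# Globals:   client (would be read by the commented-out import)
# Returns:   0
#######################################
ImportClientKeys() {
  # A function body that contains only comments is a bash syntax error, which
  # stops the script at this definition. The ':' no-op keeps it parseable.
  :
  #gpg --no-tty --batch --import $client
}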
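# Parse the command line:
#   -a <action>          encrypt or decrypt
#   -c <client>          recipient (encrypt) / passphrase-file name (decrypt)
#   -e <encrypted_file>  path of the encrypted file
#   -f <file>            path of the plaintext file
# The leading ':' in the optstring selects silent error reporting, so the
# '\?' and ':' arms below print the diagnostics themselves.
while getopts ":a:c:e:f:" opt; do
  case "$opt" in
    a) action="$OPTARG" ;;
    c) client="$OPTARG" ;;
    e) encrypted_file="$OPTARG" ;;
    f) file="$OPTARG" ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done

# Dispatch on the requested action. A missing or misspelled action must fail
# loudly: exiting 0 without doing anything would let a caller believe a file
# had been encrypted or decrypted when nothing was written.
case "${action:-}" in
  encrypt) encryptAction ;;
  decrypt) decryptAction ;;
  *)
    echo "Missing or unknown action '${action:-}' (use -a encrypt or -a decrypt)." >&2
    exit 1
    ;;
esac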
#base64 /dev/urandom | head -c 1000000 > 1MB-plain.txt
#docker build -f "Dockerfile" -t pgp-task-runner:latest "."
#docker run -v $(pwd):/home/rich pgp-task-runner -a encrypt -f /home/rich/1MB-plain.txt -e /home/rich/1MB-encrypted -c rich@xyz.com
#docker run -v $(pwd):/home/rich pgp-task-runner -a decrypt -f /home/rich/1MB-decrypted.txt -c rich@xyz.com -e /home/rich/1MB-encrypted
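FROM ubuntu:18.04
# NOTE(review): ubuntu:18.04 has left standard support; plan a move to a
# supported release so the image keeps receiving security fixes.
# NOTE(review): only gnupg2 appears to be needed by the entrypoint; curl, nano
# and wget add attack surface and could be dropped if nothing relies on them.
# Removing the apt lists in the same RUN keeps them out of the layer.
RUN apt-get update \
 && apt-get install -y gnupg2 curl nano wget \
 && rm -rf /var/lib/apt/lists/*
COPY docker-entrypoint.sh /usr/local/bin/
COPY mypublic.asc /tmp/mypublic.asc
# SECURITY: this COPY stores the private key in its own image layer. The rm
# further down only hides the file in a newer layer; the key stays readable in
# the layer history, and the imported copy stays in the GnuPG keyring baked
# into the image. Treat the image as secret material (private registry, no
# sharing) until the import is moved to container start-up, with the key
# supplied through a mounted volume or a runtime secret.
COPY myprivate.key /tmp/myprivate.key
#Future move import logic to a running container instead of in the image
RUN gpg --import /tmp/mypublic.asc
RUN gpg --no-tty --batch --import /tmp/myprivate.key
RUN rm /tmp/mypublic.asc /tmp/myprivate.key
ENTRYPOINT ["docker-entrypoint.sh"]
# No CMD: exec-form CMD is not processed by a shell, so CMD ["$@"] handed the
# literal string $@ to the entrypoint whenever no arguments were given.
# Arguments placed after the image name in `docker run` are appended to
# ENTRYPOINT without it.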