sf-xuyan/TechOps

Git-crypt and GPG installation

brew install git-crypt
brew install gpg

Repository and git-crypt initialization

git init
git-crypt init

Defining files to encrypt

  1. put your credentials into one folder, e.g. secretfile
  2. create a .gitattributes file
touch .gitattributes
  3. add the following text to the body of the .gitattributes file
.gitattributes !filter !diff

secretfile/** filter=git-crypt diff=git-crypt

Testing encryption

git-crypt status -e

Commits, pushes & encryption

git add .
git commit -m 'init commit'
git remote add origin REMOTE_URL
git push origin master
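
A check that can run before pushing or in CI without git-crypt installed, as an added example that is not part of this repository: it reads the blobs stored in a commit under secretfile/ and reports any that are not ciphertext. It assumes git-crypt output begins with the 10-byte header `\0GITCRYPT\0`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that what a commit stores under secretfile/ is
# git-crypt ciphertext, not plaintext.
# Assumption: git-crypt ciphertext begins with the 10 bytes \0 G I T C R Y P T \0.
GITCRYPT_MAGIC_HEX="00474954435259505400"

# Succeeds only if the data on stdin starts with the git-crypt header.
is_gitcrypt_blob() {
    magic=$(od -An -v -tx1 -N10 | tr -d ' \n')
    [ "$magic" = "$GITCRYPT_MAGIC_HEX" ]
}

# check_committed_secrets [DIR] [REV]
# Prints every path under DIR in REV whose stored blob is not ciphertext.
# Returns 0 if all are encrypted, 1 if any is plaintext, 2 on error.
check_committed_secrets() {
    dir=${1:-secretfile}
    rev=${2:-HEAD}
    rc=0
    # Paths containing newlines or quotes would need "ls-tree -z" handling.
    paths=$(git ls-tree -r --name-only "$rev" -- "$dir") || return 2
    if [ -z "$paths" ]; then
        echo "no files under $dir in $rev; nothing was checked" >&2
        return 2
    fi
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        size=$(git cat-file -s "$rev:$path") || return 2
        # An empty blob has no content to leak.
        [ "$size" -gt 0 ] || continue
        # cat-file prints the object as stored, without the smudge filter.
        if ! git cat-file blob "$rev:$path" | is_gitcrypt_blob; then
            echo "PLAINTEXT in $rev: $path"
            rc=1
        fi
    done <<EOF
$paths
EOF
    return "$rc"
}
```

Source the file and call `check_committed_secrets secretfile HEAD` from the repository root; a non-zero return means the push should be stopped.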

Working in team with git-crypt

To give a teammate access to the encrypted files, you can do one of two things:

  1. Share the encryption key with them (symmetric key).
  2. Add their GPG key to authorized keys.

Symmetric key

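# repository owner: export the symmetric key and pass it to the teammate over a secure channel
git-crypt export-key path/where/key/should/be/saved
# teammate: unlock the cloned repository with the received key
git-crypt unlock path/to/key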

GPG key

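# teammate: generate a key pair and find its key ID
gpg --gen-key
gpg --list-keys
# teammate: export the public key and send it to the repository owner
gpg --export --armor "$KEY_ID"
# repository owner: import the public key and authorize it (add-gpg-user commits the change), then push
gpg --import /path/to/file
git-crypt add-gpg-user --trusted "$EMAIL"
# teammate: pull the change and unlock with their own GPG private key
git-crypt unlock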

Git-crypt in CI/CD process

Decryption is performed with the symmetric key uploaded to the Git-crypt unlock action. Once all tasks have been performed, you can secure the files again with git-crypt lock.
