Gocryptfs

From wikinotes
Revision as of 21:47, 2 September 2023 by Will

Spiritual successor to encfs with hardened security.
Notably, an attacker having access to multiple versions of the same file does not make this insecure. It is entirely cross-platform.

Documentation

official docs https://nuetzlich.net/gocryptfs/
github https://github.com/rfjakob/gocryptfs

Tutorials

securing a secrets git repo https://blog.jpluscplusm.com/articles/securing-secrets-in-git-using-gocryptfs/

Usage

gocryptfs -init ./encrypted         # create encrypted dir
gocryptfs ./encrypted ./decrypted   # mount encrypted dir
fusermount -u ./decrypted           # unmount encrypted dir
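
A wrapper around the mount and unmount commands above that keeps the decrypted view mounted only while one command runs. This is an added example, not part of the original notes or of gocryptfs; `with_decrypted` is a hypothetical helper name. It assumes Linux with `fusermount`, and relies on `gocryptfs` returning once the mount is established.

```shell
#!/bin/sh
# Added example: mount, run one command, always unmount.
# Usage: with_decrypted CIPHERDIR MOUNTPOINT CMD [ARGS...]
# (with_decrypted is a hypothetical helper, not a gocryptfs command.)
with_decrypted() (
    # The body runs in a subshell, so variables and traps do not leak to the caller.
    [ "$#" -ge 3 ] || {
        echo "usage: with_decrypted CIPHERDIR MOUNTPOINT CMD [ARGS...]" >&2
        exit 2
    }
    cipherdir=$1
    mountpoint=$2
    shift 2

    # "gocryptfs -init" writes gocryptfs.conf; refuse a directory that lacks it.
    [ -f "$cipherdir/gocryptfs.conf" ] || {
        echo "not initialised: $cipherdir" >&2
        exit 2
    }
    mkdir -p "$mountpoint" || exit 1

    # Prompts for the password, then returns once the filesystem is mounted.
    gocryptfs "$cipherdir" "$mountpoint" || exit 1

    unmount() {
        fusermount -u "$mountpoint" ||
            echo "WARNING: $mountpoint is still mounted" >&2
    }
    # If interrupted, unmount before exiting.
    trap 'unmount; exit 130' INT TERM HUP

    # Capture the status this way so a failing command cannot skip the
    # unmount, even when the caller runs under "set -e".
    status=0
    "$@" || status=$?
    unmount
    exit "$status"
)

# Example: with_decrypted ./encrypted ./decrypted ls -l ./decrypted
```

The exit status is that of the wrapped command, so the helper can be used in scripts that need to react to its failure.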

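If you only need a read-only mount,
you can use the -reverse param and you'll have some additional options.
In reverse mode the source directory holds the plaintext, and the mount is a read-only encrypted view of it.

# initialise reverse mode in the plaintext dir
gocryptfs -reverse -init ./plaintext

# mount a read-only encrypted view, excluding certain files
# (-exclude-wildcard is a mount option, so it goes on the mount command)
gocryptfs -reverse \
  -exclude-wildcard 'build/*' \
  ./plaintext ./encrypted
fusermount -u ./encrypted           # unmount encrypted view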