Git-crypt: Difference between revisions
No edit summary |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
Encrypt select files within a git repo.<br> | Encrypt select files within a git repo.<br> | ||
Designed for encrypting select files within a git repo, rather than the entire repo. | Designed for encrypting few/select files within a git repo, rather than the entire repo. | ||
You may also be interested in [[encfs]] and [[VimPlugin: vim-gnupg|vim-gnupg]]. | You may also be interested in [[encfs]] and [[VimPlugin: vim-gnupg|vim-gnupg]]. | ||
Line 7: | Line 7: | ||
<blockquote> | <blockquote> | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |||
| official docs || https://github.com/AGWA/git-crypt/wiki | |||
|- | |- | ||
| github || https://github.com/AGWA/git-crypt | | github || https://github.com/AGWA/git-crypt | ||
Line 12: | Line 14: | ||
|} | |} | ||
</blockquote><!-- Documentation --> | </blockquote><!-- Documentation --> | ||
= Tutorials = | |||
<blockquote> | |||
{| class="wikitable" | |||
|- | |||
| dev || https://dev.to/heroku/how-to-manage-your-secrets-with-git-crypt-56ih | |||
|- | |||
|} | |||
</blockquote><!-- Tutorials --> | |||
= Install = | = Install = | ||
Line 20: | Line 31: | ||
</blockquote><!-- install --> | </blockquote><!-- install --> | ||
= | = Configuration = | ||
<blockquote> | <blockquote> | ||
< | == Repo Setup == | ||
<blockquote> | |||
<syntaxhighlight lang="bash"> | |||
# create repo | # create repo | ||
mkdir myrepo | mkdir myrepo | ||
Line 28: | Line 41: | ||
git init | git init | ||
git-crypt init | git-crypt init | ||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
# .gitattributes | |||
# specify files to encrypt | # specify files to encrypt | ||
*.rst filter=git-crypt diff=git-crypt | *.rst filter=git-crypt diff=git-crypt | ||
</syntaxhighlight> | |||
# add key | <syntaxhighlight lang="bash"> | ||
# add GPG key to encrypt files with | |||
git-crypt add-gpg-user user@domain.com # email specified in gpgkey being used | git-crypt add-gpg-user user@domain.com # email specified in gpgkey being used | ||
# export key | # export git-crypt's key so that you have a backup (?) | ||
git-crypt export-key ~/gitcryptkey | git-crypt export-key ~/gitcryptkey | ||
</ | </syntaxhighlight> | ||
</blockquote><!-- | </blockquote><!-- repo setup --> | ||
== Migrating docs to new GPG keys == | |||
<blockquote> | |||
<syntaxhighlight lang="bash"> | |||
# haven't tried this yet, but it looks like it might be | |||
git-encrypt migrate-key | |||
</syntaxhighlight> | |||
</blockquote><!-- Migrating docs to new GPG keys --> | |||
== Unofficial git merge support == | |||
<blockquote> | |||
See https://github.com/AGWA/git-crypt/issues/140 | |||
<syntaxhighlight lang="bash"> | |||
# ${REPO}/gitcrypt-merge | |||
#!/usr/bin/env bash | |||
ancestor_decrypted="$1__decrypt" | |||
current_decrypted="$2__decrypt" | |||
other_decrypted="$3__decrypt" | |||
echo "" | |||
echo "###########################" | |||
echo "# Git crypt driver called #" | |||
echo "###########################" | |||
echo "" | |||
echo "Decrypting ancestor file..." | |||
cat $1 | git-crypt smudge > "${ancestor_decrypted}" | |||
echo "Decrypting current file..." | |||
cat $2 | git-crypt smudge > "${current_decrypted}" | |||
echo "Decrypting other file..." | |||
cat $3 | git-crypt smudge > "${other_decrypted}" | |||
echo "" | |||
echo "Merging ..." | |||
git merge-file -L "current branch" -L "ancestor branch" -L "other branch" "${current_decrypted}" "${ancestor_decrypted}" "${other_decrypted}" | |||
exit_code=$? | |||
cat "${current_decrypted}" | git-crypt clean > $2 | |||
echo "Removing temporary files..." | |||
rm "${other_decrypted}" "${ancestor_decrypted}" "${current_decrypted}" | |||
if [ "$exit_code" -eq "0" ] | |||
then | |||
echo "@@@ No conflict!" | |||
else | |||
echo "@@@ You need to solve some conflicts..." | |||
fi | |||
exit $exit_code | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
# ${REPO}/.gitattributes | |||
crypt/** filter=git-crypt diff=git-crypt merge=git-crypt | |||
</syntaxhighlight> | |||
</blockquote><!-- Unofficial git merge support --> | |||
</blockquote><!-- Configuration --> | |||
= Usage = | = Usage = | ||
Line 45: | Line 122: | ||
git crypt lock | git crypt lock | ||
git crypt unlock | git crypt unlock | ||
git crypt status # show encrypted/non-encrypted status of files | |||
</source> | </source> | ||
</blockquote><!-- usage --> | </blockquote><!-- usage --> |
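Review bot: The gitcrypt-merge script added under "Unofficial git merge support" writes decrypted copies to `$1__decrypt`, `$2__decrypt` and `$3__decrypt` next to git's merge files and removes them only on the normal path, so an interrupted run leaves plaintext in the working tree. It also never checks the result of `git-crypt smudge` or `git-crypt clean`, so a failed decrypt (for example on a locked clone, inferred) still ends with `> $2` overwriting the current version. I would keep the plaintext in a `mktemp -d` directory removed by an EXIT trap, quote `$1`–`$3`, and replace `$2` only after `git-crypt clean` has succeeded. The page also sets `merge=git-crypt` in .gitattributes without showing the `merge.git-crypt.driver` registration that attribute depends on.

```shell
# … unchanged: shebang …
umask 077
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "${workdir:?}"' EXIT
ancestor_decrypted="${workdir}/ancestor"
current_decrypted="${workdir}/current"
other_decrypted="${workdir}/other"
# … unchanged: banner and progress echoes …
git-crypt smudge < "$1" > "${ancestor_decrypted}" || exit 1
git-crypt smudge < "$2" > "${current_decrypted}" || exit 1
git-crypt smudge < "$3" > "${other_decrypted}" || exit 1
# … unchanged: git merge-file call and exit_code capture …
git-crypt clean < "${current_decrypted}" > "${workdir}/encrypted" || exit 1
cp -- "${workdir}/encrypted" "$2" || exit 1
# … unchanged: result message and exit …
```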
Latest revision as of 16:09, 7 August 2023
Encrypt select files within a git repo.
Designed for encrypting few/select files within a git repo, rather than the entire repo.
You may also be interested in encfs and vim-gnupg.
Documentation
official docs https://github.com/AGWA/git-crypt/wiki github https://github.com/AGWA/git-crypt
Tutorials
dev https://dev.to/heroku/how-to-manage-your-secrets-with-git-crypt-56ih
Install
# Arch Linux (pacman): install the git-crypt package
sudo pacman -S git-crypt
Configuration
Repo Setup
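# create repo
mkdir myrepo
cd myrepo
git init
# generates the repository's symmetric key inside .git (it is never committed)
git-crypt init

# .gitattributes
# specify files to encrypt
# Commit this rule BEFORE adding the files it covers: anything committed
# earlier stays in history unencrypted (check with `git-crypt status`).
*.rst filter=git-crypt diff=git-crypt

# add GPG key to encrypt files with
git-crypt add-gpg-user user@domain.com # email specified in gpgkey being used

# export git-crypt's key so that you have a backup (?)
# NOTE: the exported file is the repository's symmetric key, written
# unencrypted. Anyone who can read it can decrypt every git-crypt-protected
# file in the repo, so keep it out of the repository and out of synced or
# shared folders, and store the backup offline or in an encrypted container.
git-crypt export-key ~/gitcryptkey

Migrating docs to new GPG keys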
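# haven't tried this yet, but it looks like it might be
# NOTE(review): every other command on this page uses the `git-crypt` binary;
# `git-encrypt` looks like a typo — confirm before running.
# NOTE(review): untested by the author. Check git-crypt's own help output for
# what migrate-key actually converts before relying on it to change GPG
# recipients; re-keying may need a different procedure.
git-encrypt migrate-key

Unofficial git merge support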
See https://github.com/AGWA/git-crypt/issues/140
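# ${REPO}/gitcrypt-merge
#!/usr/bin/env bash
#
# Git merge driver for files encrypted with git-crypt: decrypts the three
# versions handed over by git, merges the plaintext with `git merge-file`,
# and re-encrypts the result over the "current" file.
#
# Arguments: $1 - ancestor version
#            $2 - current version (overwritten with the encrypted result)
#            $3 - other version
# Exit:      status of `git merge-file` (0 = clean merge, non-zero =
#            conflicts); 1 if decrypting or encrypting fails, in which case
#            $2 is left untouched.
#
# NOTE(review): merge=git-crypt in .gitattributes only takes effect once a
# merge driver of that name is registered, e.g.
#   git config merge.git-crypt.driver './gitcrypt-merge %O %A %B'
# This page does not show that step; confirm against the linked issue.

die() {
  printf 'gitcrypt-merge: %s\n' "$*" >&2
  exit 1
}

[ "$#" -ge 3 ] || die "usage: gitcrypt-merge <ancestor> <current> <other>"

# Plaintext only ever lives in a private (0700) directory that is removed on
# every exit path, so an interrupted or failed merge cannot leave decrypted
# copies lying in the working tree where they could be committed by accident.
umask 077
workdir=$(mktemp -d) || die "cannot create temporary directory"
trap 'rm -rf -- "${workdir:?}"' EXIT

ancestor_decrypted="${workdir}/ancestor"
current_decrypted="${workdir}/current"
other_decrypted="${workdir}/other"
encrypted_result="${workdir}/encrypted"

echo ""
echo "###########################"
echo "# Git crypt driver called #"
echo "###########################"
echo ""

# Stop on the first failed decrypt: merging a truncated or empty plaintext
# and writing it back would silently destroy the current version.
echo "Decrypting ancestor file..."
git-crypt smudge < "$1" > "${ancestor_decrypted}" \
  || die "failed to decrypt ancestor file"
echo "Decrypting current file..."
git-crypt smudge < "$2" > "${current_decrypted}" \
  || die "failed to decrypt current file"
echo "Decrypting other file..."
git-crypt smudge < "$3" > "${other_decrypted}" \
  || die "failed to decrypt other file"
echo ""

echo "Merging ..."
git merge-file -L "current branch" -L "ancestor branch" -L "other branch" \
  "${current_decrypted}" "${ancestor_decrypted}" "${other_decrypted}"
exit_code=$?

# Encrypt into a scratch file first: a failing `git-crypt clean` must not
# truncate the file git takes as the merge result.
git-crypt clean < "${current_decrypted}" > "${encrypted_result}" \
  || die "failed to re-encrypt merge result"
cp -- "${encrypted_result}" "$2" || die "failed to write merge result"

echo "Removing temporary files..."
rm -rf -- "${workdir:?}"

if [ "$exit_code" -eq 0 ]; then
  echo "@@@ No conflict!"
else
  echo "@@@ You need to solve some conflicts..."
fi
exit "$exit_code"

# ${REPO}/.gitattributes
crypt/** filter=git-crypt diff=git-crypt merge=git-crypt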
Usage
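# re-encrypt the checked-out files and de-configure git-crypt in this clone
git crypt lock
# decrypt the working tree again (uses your GPG key if you were added with add-gpg-user)
git crypt unlock
# Run before pushing: a secret file reported as not encrypted was committed
# in the clear and remains readable in history.
git crypt status # show encrypted/non-encrypted status of files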