git-secret/README.md

# git-secret


[![test](https://github.com/sobolevn/git-secret/actions/workflows/test.yml/badge.svg?branch=master&event=push)](https://github.com/sobolevn/git-secret/actions/workflows/test.yml)
[![release-ci](https://github.com/sobolevn/git-secret/actions/workflows/release-ci.yml/badge.svg)](https://github.com/sobolevn/git-secret/actions/workflows/release-ci.yml)
[![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](https://formulae.brew.sh/formula/git-secret)
[![Supporters](https://img.shields.io/opencollective/all/git-secret.svg?color=gold&label=supporters)](https://opencollective.com/git-secret)

[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://git-secret.io/)


## What is `git-secret`?

`git-secret` is a bash tool which stores private data inside a git repo.
`git-secret` encrypts files with permitted users' public keys,
allowing users you trust to access encrypted data using pgp and their secret keys.

With `git-secret`, changes to access rights are simplified, and private-public key issues are handled for you.

When someone's permission is revoked, secrets do not need to be changed with `git-secret` -
just remove their key from the keychain using `git secret removeperson their@email.com`,
re-encrypt the files, and they won't be able to decrypt secrets anymore.
If you think the user might have copied the secrets or keys when they had access, then
you should also change the secrets.


## Preview

[![git-secret terminal preview](git-secret.gif)](https://asciinema.org/a/41811?autoplay=1)


## Installation

`git-secret` [supports `brew`](https://formulae.brew.sh/formula/git-secret), just type: `brew install git-secret`

It also supports `apt` and `yum`. You can also use `make` if you want to.
See the [installation section](https://git-secret.io/installation) for the details.

### Requirements

`git-secret` relies on several external packages:

- `bash` since `3.2.57` (it is hard to tell the correct `patch` release)
- `gawk` since `4.0.2`
- `git` since `1.8.3.1`
- `gpg` since `gnupg 1.4` to `gnupg 2.X`
- `sha256sum` since `8.21` (on freebsd and MacOS `shasum` is used instead)


## Contributing

Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues)
and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that.

### Security

In order to encrypt (git-secret hide -m) files only when modified, the path
mappings file tracks sha256sum checksums of the files added (git-secret add) to
git-secret's path mappings filesystem database. Although, the chances of
encountering a sha collision are low, it is recommend that you pad files with
random data for greater security. Or avoid using  the `-m` option altogether.
If your secret file holds more data than just a single password these
precautions should not be necessary, but could be followed for greater
security.

If you found any security related issues, please do not disclose it in public. Send an email to `security@wemake.services`


## Changelog

`git-secret` uses [semver](https://semver.org/). See [CHANGELOG.md](CHANGELOG.md).


## Packagers

Thanks to all the people and groups who package `git-secret` for easier install on particular OSes and distributions!

[![Packaging status](https://repology.org/badge/vertical-allrepos/git-secret.svg)](https://repology.org/project/git-secret/versions)

Here are some packagings of `git-secret` that we're aware of:

- https://formulae.brew.sh/formula/git-secret
- https://packages.ubuntu.com/bionic/git-secret
- https://src.fedoraproject.org/rpms/git-secret
- https://aur.archlinux.org/packages/git-secret/
- https://pkgs.alpinelinux.org/package/edge/testing/x86/git-secret
- https://packages.debian.org/sid/git-secret
- https://github.com/void-linux/void-packages/blob/master/srcpkgs/git-secret/template

Such packages are considered 'downstream' because the git-secret code 'flows' from the `git-secret` [repository](https://git-secret.io/installation)
to the various rpm/deb/dpkg/etc packages that are created for specific OSes and distributions.

We have also added notes specifically for packagers in [CONTRIBUTING.md](CONTRIBUTING.md).


## Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/git-secret#sponsor)]

[![Sponsors](https://opencollective.com/git-secret/tiers/sponsor.svg?width=890)](https://opencollective.com/git-secret)


## Backers

Thanks to all our backers!

[![Backers](https://opencollective.com/git-secret/tiers/backer.svg?width=890&avatarHeight=36)](https://opencollective.com/git-secret)


## Contributors

This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
<a href="https://github.com/sobolevn/git-secret/graphs/contributors"><img src="https://opencollective.com/git-secret/contributors.svg?width=890" /></a>


## License

MIT. See [LICENSE.md](LICENSE.md) for details.


## Thanks

Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo.
fixes after makefile crash 2016-02-21 13:26:17 +00:00			`# git-secret`

Update README.md 2021-05-08 09:15:43 +00:00
Adds new manual generation process 2021-05-03 13:18:15 +00:00			`[![test](https://github.com/sobolevn/git-secret/actions/workflows/test.yml/badge.svg?branch=master&event=push)](https://github.com/sobolevn/git-secret/actions/workflows/test.yml)`
Update README.md 2021-05-08 09:14:27 +00:00			`[![release-ci](https://github.com/sobolevn/git-secret/actions/workflows/release-ci.yml/badge.svg)](https://github.com/sobolevn/git-secret/actions/workflows/release-ci.yml)`
Adds new manual generation process 2021-05-03 13:18:15 +00:00			`[![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](https://formulae.brew.sh/formula/git-secret)`
Update README.md 2021-05-08 09:15:43 +00:00			`[![Supporters](https://img.shields.io/opencollective/all/git-secret.svg?color=gold&label=supporters)](https://opencollective.com/git-secret)`
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00
Closes #618 2021-06-26 14:17:37 +00:00			`[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://git-secret.io/)`
readme and gratis 2016-07-02 14:16:12 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			## What is `git-secret`?

Add animated GIF preview of the asciinema recording and link on README.md (#560) 2019-11-14 11:17:09 +00:00			`git-secret` is a bash tool which stores private data inside a git repo.
Doc changes 2019 02 for #351 (#353) * clarification about killperson and secrets, rephrasing. * how to develop without docker/test-kitchen * doc changes about gh-pages branch. other clarifications. * OSX has been renamed MacOS (except in travis-ci) 2019-03-05 12:09:27 +00:00			`git-secret` encrypts files with permitted users' public keys,
Add animated GIF preview of the asciinema recording and link on README.md (#560) 2019-11-14 11:17:09 +00:00			`allowing users you trust to access encrypted data using pgp and their secret keys.`
Doc changes 2019 02 for #351 (#353) * clarification about killperson and secrets, rephrasing. * how to develop without docker/test-kitchen * doc changes about gh-pages branch. other clarifications. * OSX has been renamed MacOS (except in travis-ci) 2019-03-05 12:09:27 +00:00
Add animated GIF preview of the asciinema recording and link on README.md (#560) 2019-11-14 11:17:09 +00:00			With `git-secret`, changes to access rights are simplified, and private-public key issues are handled for you.
Doc changes 2019 02 for #351 (#353) * clarification about killperson and secrets, rephrasing. * how to develop without docker/test-kitchen * doc changes about gh-pages branch. other clarifications. * OSX has been renamed MacOS (except in travis-ci) 2019-03-05 12:09:27 +00:00
			When someone's permission is revoked, secrets do not need to be changed with `git-secret` -
Rename `killperson` to `removeperson` (#685) * Rename the "killperson" command to "removeperson" "killperson" is unnecessarily hostile so change the command name to "removeperson". Fixes #684. * Re-generate man pages * Update contribution guide There's no longer any pre-commit hooks so don't mention them. * Add alias from `killperson` pointing at `removeperson` * Update git_secret_removeperson.sh Co-authored-by: Nikita Sobolev <mail@sobolevn.me> 2021-06-16 07:31:58 +00:00			just remove their key from the keychain using `git secret removeperson their@email.com`,
Doc changes 2019 02 for #351 (#353) * clarification about killperson and secrets, rephrasing. * how to develop without docker/test-kitchen * doc changes about gh-pages branch. other clarifications. * OSX has been renamed MacOS (except in travis-ci) 2019-03-05 12:09:27 +00:00			`re-encrypt the files, and they won't be able to decrypt secrets anymore.`
Add note about secrets and old keys (#499) * Add note about secrets and old keys 2019-08-17 01:33:15 +00:00			`If you think the user might have copied the secrets or keys when they had access, then`
Doc changes 2019 02 for #351 (#353) * clarification about killperson and secrets, rephrasing. * how to develop without docker/test-kitchen * doc changes about gh-pages branch. other clarifications. * OSX has been renamed MacOS (except in travis-ci) 2019-03-05 12:09:27 +00:00			`you should also change the secrets.`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
new README 2016-02-24 11:24:07 +00:00			`## Preview`

Add animated GIF preview of the asciinema recording and link on README.md (#560) 2019-11-14 11:17:09 +00:00			`[![git-secret terminal preview](git-secret.gif)](https://asciinema.org/a/41811?autoplay=1)`
new README 2016-02-24 11:24:07 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
Adds documentation update Documentation: 1. Adds security note, closes #78 2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93 3. Adds `git --version` into issue tamplate, closes #95 4. Improves `README.md`, refs #79 2017-06-01 11:01:41 +00:00			`## Installation`
new README 2016-02-24 11:24:07 +00:00
Update README.md 2021-08-14 12:37:42 +00:00			`git-secret` [supports `brew`](https://formulae.brew.sh/formula/git-secret), just type: `brew install git-secret`
new README 2016-02-24 11:24:07 +00:00
Add animated GIF preview of the asciinema recording and link on README.md (#560) 2019-11-14 11:17:09 +00:00			It also supports `apt` and `yum`. You can also use `make` if you want to.
fix(readme): fix installation section link (#704) 2021-07-30 08:23:30 +00:00			`See the [installation section](https://git-secret.io/installation) for the details.`
prerelease 2016-03-13 10:06:18 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00			`### Requirements`

			`git-secret` relies on several external packages:

			- `bash` since `3.2.57` (it is hard to tell the correct `patch` release)
Documenting minimum versions, closes #96 2017-11-28 05:35:16 +00:00			- `gawk` since `4.0.2`
			- `git` since `1.8.3.1`
			- `gpg` since `gnupg 1.4` to `gnupg 2.X`
Doc changes 2019 02 for #351 (#353) * clarification about killperson and secrets, rephrasing. * how to develop without docker/test-kitchen * doc changes about gh-pages branch. other clarifications. * OSX has been renamed MacOS (except in travis-ci) 2019-03-05 12:09:27 +00:00			- `sha256sum` since `8.21` (on freebsd and MacOS `shasum` is used instead)
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00

CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			`## Contributing`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
Add animated GIF preview of the asciinema recording and link on README.md (#560) 2019-11-14 11:17:09 +00:00			`Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues)`
improve text and break long lines 2018-04-17 03:43:57 +00:00			`and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that.`
Adds documentation update Documentation: 1. Adds security note, closes #78 2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93 3. Adds `git --version` into issue tamplate, closes #95 4. Improves `README.md`, refs #79 2017-06-01 11:01:41 +00:00
			`### Security`

Improves README, refs #79. Update security note, closes #78 2017-11-28 05:57:11 +00:00			`In order to encrypt (git-secret hide -m) files only when modified, the path`
			`mappings file tracks sha256sum checksums of the files added (git-secret add) to`
			`git-secret's path mappings filesystem database. Although, the chances of`
			`encountering a sha collision are low, it is recommend that you pad files with`
			random data for greater security. Or avoid using the `-m` option altogether.
			`If your secret file holds more data than just a single password these`
			`precautions should not be necessary, but could be followed for greater`
			`security.`

small word fix. (#273) 2018-10-27 06:53:16 +00:00			If you found any security related issues, please do not disclose it in public. Send an email to `security@wemake.services`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			`## Changelog`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
update docs regarding builds, setup, and docker (#543) * update developer docs regarding builds, setup, and docker * more details about git hooks, PRs, and branch names * add links, corrections, clarifications, and typo fixes * link to semver.org * reorder packages and mention homebrew package 2019-09-20 14:57:32 +00:00			`git-secret` uses [semver](https://semver.org/). See [CHANGELOG.md](CHANGELOG.md).
fixes after makefile crash 2016-02-21 13:26:17 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
added notes about packages and for package maintainers (#301) * added notes about packages and for package maintainers * document how git tags interact with deb/rpm deploys * fix typos 2019-01-15 04:16:41 +00:00			`## Packagers`

fix typo 'fir' -> 'for' (#719) 2021-09-02 14:05:29 +00:00			Thanks to all the people and groups who package `git-secret` for easier install on particular OSes and distributions!
added notes about packages and for package maintainers (#301) * added notes about packages and for package maintainers * document how git tags interact with deb/rpm deploys * fix typos 2019-01-15 04:16:41 +00:00
Update README.md 2021-08-14 12:37:42 +00:00			`[![Packaging status](https://repology.org/badge/vertical-allrepos/git-secret.svg)](https://repology.org/project/git-secret/versions)`

			Here are some packagings of `git-secret` that we're aware of:
added notes about packages and for package maintainers (#301) * added notes about packages and for package maintainers * document how git tags interact with deb/rpm deploys * fix typos 2019-01-15 04:16:41 +00:00
update docs regarding builds, setup, and docker (#543) * update developer docs regarding builds, setup, and docker * more details about git hooks, PRs, and branch names * add links, corrections, clarifications, and typo fixes * link to semver.org * reorder packages and mention homebrew package 2019-09-20 14:57:32 +00:00			`- https://formulae.brew.sh/formula/git-secret`
added notes about packages and for package maintainers (#301) * added notes about packages and for package maintainers * document how git tags interact with deb/rpm deploys * fix typos 2019-01-15 04:16:41 +00:00			`- https://packages.ubuntu.com/bionic/git-secret`
Edit Fedora package URL (#625) 2020-11-21 07:30:53 +00:00			`- https://src.fedoraproject.org/rpms/git-secret`
update docs regarding builds, setup, and docker (#543) * update developer docs regarding builds, setup, and docker * more details about git hooks, PRs, and branch names * add links, corrections, clarifications, and typo fixes * link to semver.org * reorder packages and mention homebrew package 2019-09-20 14:57:32 +00:00			`- https://aur.archlinux.org/packages/git-secret/`
			`- https://pkgs.alpinelinux.org/package/edge/testing/x86/git-secret`
			`- https://packages.debian.org/sid/git-secret`
Update README.md 2019-11-04 12:28:28 +00:00			`- https://github.com/void-linux/void-packages/blob/master/srcpkgs/git-secret/template`
added notes about packages and for package maintainers (#301) * added notes about packages and for package maintainers * document how git tags interact with deb/rpm deploys * fix typos 2019-01-15 04:16:41 +00:00
Update README.md 2021-08-14 12:37:42 +00:00			Such packages are considered 'downstream' because the git-secret code 'flows' from the `git-secret` [repository](https://git-secret.io/installation)
added notes about packages and for package maintainers (#301) * added notes about packages and for package maintainers * document how git tags interact with deb/rpm deploys * fix typos 2019-01-15 04:16:41 +00:00			`to the various rpm/deb/dpkg/etc packages that are created for specific OSes and distributions.`

			`We have also added notes specifically for packagers in [CONTRIBUTING.md](CONTRIBUTING.md).`


Updates sponsor info 2019-09-03 21:07:01 +00:00			`## Sponsors`

			`Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/git-secret#sponsor)]`
Added backers and sponsors on the README 2018-02-03 07:57:57 +00:00
Updates sponsor info 2019-09-03 21:07:01 +00:00			`[![Sponsors](https://opencollective.com/git-secret/tiers/sponsor.svg?width=890)](https://opencollective.com/git-secret)`
Added backers and sponsors on the README 2018-02-03 07:57:57 +00:00

Updates sponsor info 2019-09-03 21:07:01 +00:00			`## Backers`
Added backers and sponsors on the README 2018-02-03 07:57:57 +00:00
Updates sponsor info 2019-09-03 21:07:01 +00:00			`Thanks to all our backers!`

			`[![Backers](https://opencollective.com/git-secret/tiers/backer.svg?width=890&avatarHeight=36)](https://opencollective.com/git-secret)`
Added backers and sponsors on the README 2018-02-03 07:57:57 +00:00

Updates sponsor info 2019-09-03 21:07:01 +00:00			`## Contributors`

			`This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].`
			`<a href="https://github.com/sobolevn/git-secret/graphs/contributors"><img src="https://opencollective.com/git-secret/contributors.svg?width=890" /></a>`
restore sponsor links 2018-04-14 12:40:31 +00:00
Added backers and sponsors on the README 2018-02-03 07:57:57 +00:00
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			`## License`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			`MIT. See [LICENSE.md](LICENSE.md) for details.`
readme and gratis 2016-07-02 14:16:12 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
readme and gratis 2016-07-02 14:16:12 +00:00			`## Thanks`
prerelease 2016-03-13 10:06:18 +00:00
Adds an attempt to fix the CI Changes: 1. Fixes the licence information in the `plugin.zsh` to be MIT 2. Fixes link in the README 3. Fixes some tests Closes #54 2017-02-04 20:15:16 +00:00			`Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo.`