git-secret/README.md

# git-secret

[![Backers on Open Collective](https://opencollective.com/git-secret/backers/badge.svg)](#backers) [![Sponsors on Open Collective](https://opencollective.com/git-secret/sponsors/badge.svg)](#sponsors) [![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view)

[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/)


## What is `git-secret`?

`git-secret` is a bash tool which stores private data inside a git repo. 
`git-secret` encrypts tracked files with public keys for users whom you trust using `gpg`, 
allowing permitted users to access encrypted data using their secret keys. 
With `git-secret`, changes to access rights are made easy and private-public key issues are handled for you. 
Passwords do not need to be changed with `git-secret` when someone's permission is revoked - 
just remove their key from the keychain using `git secret killperson their@email.com`, 
and re-encrypt the files, and they won't be able to decrypt secrets anymore.


## Preview

[![git-secret terminal preview](https://asciinema.org/a/41811.png)](https://asciinema.org/a/41811?autoplay=1)


## Installation

`git-secret` supports `brew`, just type: `brew install git-secret`

It also supports `apt` and `yum`. You can also use `make` if you want to. 
See the [installation section](http://git-secret.io/installation) for the details.

### Requirements

`git-secret` relies on several external packages:

- `bash` since `3.2.57` (it is hard to tell the correct `patch` release)
- `gawk` since `4.0.2`
- `git` since `1.8.3.1`
- `gpg` since `gnupg 1.4` to `gnupg 2.X`
- `sha256sum` since `8.21` (on freebsd and OSX `shasum` is used instead)


## Contributing

Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues) 
and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that.

### Security

In order to encrypt (git-secret hide -m) files only when modified, the path
mappings file tracks sha256sum checksums of the files added (git-secret add) to
git-secret's path mappings filesystem database. Although, the chances of
encountering a sha collision are low, it is recommend that you pad files with
random data for greater security. Or avoid using  the `-m` option altogether.
If your secret file holds more data than just a single password these
precautions should not be necessary, but could be followed for greater
security.

If you found any security related issues, please do not disclose it in public. Send an email to `security@wemake.services`


## Changelog

`git-secret` uses semver. See [CHANGELOG.md](CHANGELOG.md).


## Contributors

This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
<a href="graphs/contributors"><img src="https://opencollective.com/git-secret/contributors.svg?width=890" /></a>


## Backers

Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/git-secret#backer)]

<a href="https://opencollective.com/git-secret#backers" target="_blank"><img src="https://opencollective.com/git-secret/backers.svg?width=890"></a>


## Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/git-secret#sponsor)]

<a href="https://opencollective.com/git-secret/sponsor/0/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/0/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/1/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/1/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/2/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/2/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/3/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/3/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/4/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/4/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/5/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/5/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/6/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/6/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/7/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/7/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/8/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/8/avatar.svg"></a>
<a href="https://opencollective.com/git-secret/sponsor/9/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/9/avatar.svg"></a>


## License

MIT. See [LICENSE.md](LICENSE.md) for details.


## Thanks

Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo.
fixes after makefile crash 2016-02-21 13:26:17 +00:00			`# git-secret`

Update README.md 2018-02-03 08:13:49 +00:00			[![Backers on Open Collective](https://opencollective.com/git-secret/backers/badge.svg)](#backers) [![Sponsors on Open Collective](https://opencollective.com/git-secret/sponsors/badge.svg)](#sponsors) [![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view)
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00
Version 0.2.2 pre-release There are a lot of changes, multiple things were refactored: tests, some commands, building and meta. Several critical bugs fixed. Changes: 1. Fixed #74, when `_user_required` was not working after reimporting keys 2. Closes #73, now it is possible to provide multiple emails to the `killperson` command 3. Closes #72, now it is possible to provide multiple emails to the `tell` command 4. Closes #71, now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website 5. Closes #70, now installation section is removed from main `man` file 6. Closes #69, now "See also" section in the `man`s are clickable 7. Closes #61, added "Manual" section to the manuals 8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing 9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases 10. Refactored `hide` and `clean` commands to be shorter 11. `shellcheck` is now supported with `make lint` Additional features are not comming to 0.2.2 after this commit. 2017-02-26 13:38:46 +00:00			`[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/)`
readme and gratis 2016-07-02 14:16:12 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			## What is `git-secret`?

improve text and break long lines 2018-04-17 03:43:57 +00:00			`git-secret` is a bash tool which stores private data inside a git repo.
			`git-secret` encrypts tracked files with public keys for users whom you trust using `gpg`,
			`allowing permitted users to access encrypted data using their secret keys.`
			With `git-secret`, changes to access rights are made easy and private-public key issues are handled for you.
			Passwords do not need to be changed with `git-secret` when someone's permission is revoked -
			just remove their key from the keychain using `git secret killperson their@email.com`,
			`and re-encrypt the files, and they won't be able to decrypt secrets anymore.`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
new README 2016-02-24 11:24:07 +00:00			`## Preview`

Fixes the `gpg2` issue by changing the way fixture installation and uninstallation were handled. Also `--dry-run` option was added to the `git-secret` command. 2016-04-10 11:14:41 +00:00			`[![git-secret terminal preview](https://asciinema.org/a/41811.png)](https://asciinema.org/a/41811?autoplay=1)`
new README 2016-02-24 11:24:07 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
Adds documentation update Documentation: 1. Adds security note, closes #78 2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93 3. Adds `git --version` into issue tamplate, closes #95 4. Improves `README.md`, refs #79 2017-06-01 11:01:41 +00:00			`## Installation`
new README 2016-02-24 11:24:07 +00:00
Adds documentation update Documentation: 1. Adds security note, closes #78 2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93 3. Adds `git --version` into issue tamplate, closes #95 4. Improves `README.md`, refs #79 2017-06-01 11:01:41 +00:00			`git-secret` supports `brew`, just type: `brew install git-secret`
new README 2016-02-24 11:24:07 +00:00
Update README.md 2018-01-28 07:34:53 +00:00			It also supports `apt` and `yum`. You can also use `make` if you want to.
Adds documentation update Documentation: 1. Adds security note, closes #78 2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93 3. Adds `git --version` into issue tamplate, closes #95 4. Improves `README.md`, refs #79 2017-06-01 11:01:41 +00:00			`See the [installation section](http://git-secret.io/installation) for the details.`
prerelease 2016-03-13 10:06:18 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00			`### Requirements`

			`git-secret` relies on several external packages:

			- `bash` since `3.2.57` (it is hard to tell the correct `patch` release)
Documenting minimum versions, closes #96 2017-11-28 05:35:16 +00:00			- `gawk` since `4.0.2`
			- `git` since `1.8.3.1`
			- `gpg` since `gnupg 1.4` to `gnupg 2.X`
support FreeBSD (#260) * start FreeBSD support * permissions change * improve command to fetch permissions. * note we use 'shasum' and not 'sha256sum' on osx and freebsd 2018-09-22 20:08:21 +00:00			- `sha256sum` since `8.21` (on freebsd and OSX `shasum` is used instead)
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00

CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			`## Contributing`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
improve text and break long lines 2018-04-17 03:43:57 +00:00			`Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues)`
			`and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that.`
Adds documentation update Documentation: 1. Adds security note, closes #78 2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93 3. Adds `git --version` into issue tamplate, closes #95 4. Improves `README.md`, refs #79 2017-06-01 11:01:41 +00:00
			`### Security`

Improves README, refs #79. Update security note, closes #78 2017-11-28 05:57:11 +00:00			`In order to encrypt (git-secret hide -m) files only when modified, the path`
			`mappings file tracks sha256sum checksums of the files added (git-secret add) to`
			`git-secret's path mappings filesystem database. Although, the chances of`
			`encountering a sha collision are low, it is recommend that you pad files with`
			random data for greater security. Or avoid using the `-m` option altogether.
			`If your secret file holds more data than just a single password these`
			`precautions should not be necessary, but could be followed for greater`
			`security.`

small word fix. (#273) 2018-10-27 06:53:16 +00:00			If you found any security related issues, please do not disclose it in public. Send an email to `security@wemake.services`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			`## Changelog`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
Adds documentation update Documentation: 1. Adds security note, closes #78 2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93 3. Adds `git --version` into issue tamplate, closes #95 4. Improves `README.md`, refs #79 2017-06-01 11:01:41 +00:00			`git-secret` uses semver. See [CHANGELOG.md](CHANGELOG.md).
fixes after makefile crash 2016-02-21 13:26:17 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
Added backers and sponsors on the README 2018-02-03 07:57:57 +00:00			`## Contributors`

			`This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].`
			`<a href="graphs/contributors"><img src="https://opencollective.com/git-secret/contributors.svg?width=890" /></a>`


			`## Backers`

			`Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/git-secret#backer)]`

			`<a href="https://opencollective.com/git-secret#backers" target="_blank"><img src="https://opencollective.com/git-secret/backers.svg?width=890"></a>`


			`## Sponsors`

			`Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/git-secret#sponsor)]`

restore sponsor links 2018-04-14 12:40:31 +00:00			`<a href="https://opencollective.com/git-secret/sponsor/0/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/0/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/1/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/1/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/2/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/2/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/3/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/3/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/4/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/4/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/5/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/5/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/6/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/6/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/7/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/7/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/8/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/8/avatar.svg"></a>`
			`<a href="https://opencollective.com/git-secret/sponsor/9/website" target="_blank"><img src="https://opencollective.com/git-secret/sponsor/9/avatar.svg"></a>`

Added backers and sponsors on the README 2018-02-03 07:57:57 +00:00
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			`## License`
fixes after makefile crash 2016-02-21 13:26:17 +00:00
CONTRIBUTING.md added 2016-07-02 13:18:53 +00:00			`MIT. See [LICENSE.md](LICENSE.md) for details.`
readme and gratis 2016-07-02 14:16:12 +00:00
Fixes travis builds on macOS Changes: 1. Updates `.travis.yml` with proper versions of `gpg` 2. Updates `README.md` with minimal versions requirements Cloeses #96 2017-07-17 07:54:43 +00:00
readme and gratis 2016-07-02 14:16:12 +00:00			`## Thanks`
prerelease 2016-03-13 10:06:18 +00:00
Adds an attempt to fix the CI Changes: 1. Fixes the licence information in the `plugin.zsh` to be MIT 2. Fixes link in the README 3. Fixes some tests Closes #54 2017-02-04 20:15:16 +00:00			`Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo.`