2016-02-21 13:26:17 +00:00
|
|
|
git-secret-hide - encrypts all added files with the inner keyring.
|
|
|
|
|
==================================================================
|
|
|
|
|
|
|
|
|
|
## SYNOPSIS
|
|
|
|
|
|
2018-10-11 01:21:58 +00:00
|
|
|
git secret hide [-c] [-F] [-P] [-v] [-d] [-m]
|
2016-02-21 13:26:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
## DESCRIPTION
|
2018-10-11 01:21:58 +00:00
|
|
|
`git-secret-hide` creates an encrypted version (typically called `filename.txt.secret`)
|
|
|
|
|
of each file added by `git-secret-add` command.
|
2018-04-17 04:06:11 +00:00
|
|
|
Now anyone enabled via 'git secret tell' can can decrypt these files. Under the hood,
|
2018-10-11 01:21:58 +00:00
|
|
|
`git-secret` uses the keyring in `.gitsecret/keys` and user's secret keys to decrypt the files.
|
2016-02-21 13:26:17 +00:00
|
|
|
|
2018-10-11 01:21:58 +00:00
|
|
|
It is recommended to encrypt (or re-encrypt) all the files in a git-secret repo each
|
|
|
|
|
time `git secret hide` is run.
|
|
|
|
|
|
|
|
|
|
Otherwise the keychain (the one stored in `.gitsecret/keys/*.gpg`),
|
|
|
|
|
may have changed since the last time the files were encrypted, and it's possible
|
|
|
|
|
to create a state where the users in the output of `git secret whoknows`
|
|
|
|
|
may not be able to decrypt the some files in the repo, or may be able decrypt files
|
|
|
|
|
they're not supposed to be able to.
|
|
|
|
|
|
|
|
|
|
In other words, unless you re-encrypt all the files in a repo each time you 'hide' any,
|
|
|
|
|
it's possible to make it so some files can no longer be decrypted by users who should be
|
|
|
|
|
(and would appear) able to decrypt them, and vice-versa.
|
|
|
|
|
|
|
|
|
|
If you know what you are doing and wish to encrypt or re-encrypt only a subset of the files
|
2019-04-29 05:56:34 +00:00
|
|
|
even after reading the above paragraphs, you can use the -F or -m option to only encrypted
|
|
|
|
|
a subset of files. The -F option forces `git secret hide` to skip any hidden files
|
|
|
|
|
where the unencrypted versions aren't present. The -m option skips any hidden files that have
|
|
|
|
|
not be modified since the last time they were encrypted.
|
2018-10-11 01:21:58 +00:00
|
|
|
|
|
|
|
|
Also, it is possible to modify the names of the encrypted files by setting `SECRETS_EXTENSION` variable.
|
2016-02-21 13:26:17 +00:00
|
|
|
|
2018-08-26 17:24:39 +00:00
|
|
|
(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
|
|
|
|
|
folder using the SECRETS_DIR environment variable.
|
|
|
|
|
|
2019-08-16 20:53:57 +00:00
|
|
|
You can also enable verbosity using the SECRETS_VERBOSE environment variable,
|
|
|
|
|
as documented at [git-secret(7)](http://git-secret.io/)
|
|
|
|
|
|
2016-02-21 13:26:17 +00:00
|
|
|
|
|
|
|
|
## OPTIONS
|
|
|
|
|
|
|
|
|
|
-v - verbose, shows extra information.
|
|
|
|
|
-c - deletes encrypted files before creating new ones.
|
2018-10-11 01:21:58 +00:00
|
|
|
-F - forces hide to continue if a file to encrypt is missing.
|
2018-08-18 14:09:58 +00:00
|
|
|
-P - preserve permissions of unencrypted file in encrypted file.
|
2017-02-11 19:59:34 +00:00
|
|
|
-d - deletes unencrypted files after encryption.
|
2017-09-24 13:51:46 +00:00
|
|
|
-m - encrypt files only when modified.
|
2016-02-21 13:26:17 +00:00
|
|
|
-h - shows help.
|
|
|
|
|
|
Version 0.2.2 pre-release
There are a lot of changes, multiple things were refactored: tests,
some commands, building and meta.
Several critical bugs fixed.
Changes:
1. Fixed #74, when `_user_required` was not working after reimporting keys
2. Closes #73, now it is possible to provide multiple emails to the `killperson` command
3. Closes #72, now it is possible to provide multiple emails to the `tell` command
4. Closes #71, now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website
5. Closes #70, now installation section is removed from main `man` file
6. Closes #69, now "See also" section in the `man`s are clickable
7. Closes #61, added "Manual" section to the manuals
8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing
9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases
10. Refactored `hide` and `clean` commands to be shorter
11. `shellcheck` is now supported with `make lint`
Additional features are not comming to 0.2.2 after this commit.
2017-02-26 13:38:46 +00:00
|
|
|
## MANUAL
|
|
|
|
|
|
|
|
|
|
Run `man git-secret-hide` to see this note.
|
|
|
|
|
|
|
|
|
|
|
2016-02-21 13:26:17 +00:00
|
|
|
## SEE ALSO
|
|
|
|
|
|
2018-04-17 04:06:11 +00:00
|
|
|
[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell),
|
|
|
|
|
[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal),
|
|
|
|
|
[git-secret-cat(1)](http://git-secret.io/git-secret-cat)
|
