git-secret/man/man1/git-secret-hide.1

.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "GIT\-SECRET\-HIDE" "1" "April 2022" "sobolevn" "git-secret 0.5.0-alpha1"
.
.SH "NAME"
\fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\.
.
.SH "SYNOPSIS"
.
.nf

git secret hide [\-c] [\-F] [\-P] [\-v] [\-d] [\-m]
.
.fi
.
.SH "DESCRIPTION"
\fBgit\-secret\-hide\fR \- writes an encrypted version (typically called \fBfilename\.txt\.secret\fR) of each file added by \fBgit\-secret\-add\fR command\.
.
.P
Then anyone enabled via \fBgit secret tell\fR can decrypt these files\.
.
.P
Under the hood, \fBgit\-secret\fR uses the keyring of public keys in \fB\.gitsecret/keys\fR to \fIencrypt\fR files\. Later a permitted user can use their secret key (typically from their home directory) to \fIdecrypt\fR files\.
.
.P
It is recommended to encrypt (or re\-encrypt) all the files in a \fBgit\-secret\fR repo each time \fBgit secret hide\fR is run\.
.
.br
Otherwise the keyring (the one stored in \fB\.gitsecret/keys/*\.gpg\fR), may have changed since the last time the files were encrypted, and it\'s possible to create a state where the users in the output of \fBgit secret whoknows\fR may not be able to decrypt the some files in the repo, or may be able decrypt files they\'re not supposed to be able to\.
.
.P
In other words, unless you re\-encrypt all the files in a repo each time you \fBhide\fR any, it\'s possible to make it so some files can no longer be decrypted by users who should be (and would appear) able to decrypt them, and vice\-versa\.
.
.P
If you know what you are doing and wish to encrypt or re\-encrypt only a subset of the files even after reading the above paragraphs, you can use the \fB\-F\fR or \fB\-m\fR options\. The \fB\-F\fR option forces \fBgit secret hide\fR to skip any hidden files where the unencrypted versions aren\'t present\. The \fB\-m\fR option skips any hidden files that have not be been modified since the last time they were encrypted\.
.
.SH "OPTIONS"
.
.nf

\-v  \- verbose, shows extra information\.
\-c  \- deletes encrypted files before creating new ones\.
\-F  \- forces hide to continue if a file to encrypt is missing\.
\-P  \- preserve permissions of unencrypted file in encrypted file\.
\-d  \- deletes unencrypted files after encryption\.
\-m  \- encrypt files only when modified\.
\-h  \- shows help\.
.
.fi
.
.SH "ENV VARIABLES"
.
.IP "\(bu" 4
\fBSECRETS_GPG_COMMAND\fR changes the default \fBgpg\fR command to anything else
.
.IP "\(bu" 4
\fBSECRETS_GPG_ARMOR\fR is a boolean to enable \fB\-\-armor\fR mode \fIhttps://www\.gnupg\.org/gph/en/manual/r1290\.html\fR to store secrets in text format over binary
.
.IP "\(bu" 4
\fBSECRETS_DIR\fR changes the default \fB\.gitsecret/\fR folder to another name as documented at git\-secret(7) \fIhttps://git\-secret\.io/\fR
.
.IP "\(bu" 4
\fBSECRETS_EXTENSION\fR changes the default \fB\.secret\fR file extension
.
.IP "\(bu" 4
\fBSECRETS_VERBOSE\fR changes the output verbosity as documented at git\-secret(7) \fIhttps://git\-secret\.io/\fR
.
.IP "\(bu" 4
\fBSECRETS_PINENTRY\fR changes the \fBgpg \-\-pinentry\fR mode \fIhttps://github\.com/gpg/pinentry\fR as documented at git\-secret(7) \fIhttps://git\-secret\.io/\fR
.
.IP "" 0
.
.SH "MANUAL"
Run \fBman git\-secret\-hide\fR to see this document\.
.
.SH "SEE ALSO"
git\-secret\-init(1) \fIhttps://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttps://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttps://git\-secret\.io/git\-secret\-add\fR, git\-secret\-reveal(1) \fIhttps://git\-secret\.io/git\-secret\-reveal\fR, git\-secret\-cat(1) \fIhttps://git\-secret\.io/git\-secret\-cat\fR
pre fix 2016-02-23 21:48:25 +00:00			`.\" generated with Ronn/v0.7.3`
			`.\" http://github.com/rtomayko/ronn/tree/0.7.3`
			`.`
update man pages 2022-04-16 00:12:48 +00:00			`.TH "GIT\-SECRET\-HIDE" "1" "April 2022" "sobolevn" "git-secret 0.5.0-alpha1"`
pre fix 2016-02-23 21:48:25 +00:00			`.`
			`.SH "NAME"`
			`\fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\.`
			`.`
			`.SH "SYNOPSIS"`
			`.`
			`.nf`

WIP: Force mode for hide and reveal (#263) * -F (force even if gpg fails) option for hide and reveal * allow 'reveal' to decrypt a subset of files. * update and regen man pages * man pages update and improvements * text about why all files should be hidden at once * add _warn() and _warn_or_abort() * tests for -F option * glob source .sh files in Makefile better * add comment about issue #238. cleanup error msg. * test exact case in #253 * disable gnupg doc building on ubuntu-rolling 2018-10-11 01:21:58 +00:00			`git secret hide [\-c] [\-F] [\-P] [\-v] [\-d] [\-m]`
pre fix 2016-02-23 21:48:25 +00:00			`.`
			`.fi`
			`.`
			`.SH "DESCRIPTION"`
update man pages 2022-04-16 00:12:48 +00:00			`\fBgit\-secret\-hide\fR \- writes an encrypted version (typically called \fBfilename\.txt\.secret\fR) of each file added by \fBgit\-secret\-add\fR command\.`
pre fix 2016-02-23 21:48:25 +00:00			`.`
			`.P`
update man pages 2022-04-16 00:12:48 +00:00			`Then anyone enabled via \fBgit secret tell\fR can decrypt these files\.`
			`.`
			`.P`
			`Under the hood, \fBgit\-secret\fR uses the keyring of public keys in \fB\.gitsecret/keys\fR to \fIencrypt\fR files\. Later a permitted user can use their secret key (typically from their home directory) to \fIdecrypt\fR files\.`
WIP: Force mode for hide and reveal (#263) * -F (force even if gpg fails) option for hide and reveal * allow 'reveal' to decrypt a subset of files. * update and regen man pages * man pages update and improvements * text about why all files should be hidden at once * add _warn() and _warn_or_abort() * tests for -F option * glob source .sh files in Makefile better * add comment about issue #238. cleanup error msg. * test exact case in #253 * disable gnupg doc building on ubuntu-rolling 2018-10-11 01:21:58 +00:00			`.`
			`.P`
update man pages 2022-04-16 00:12:48 +00:00			`It is recommended to encrypt (or re\-encrypt) all the files in a \fBgit\-secret\fR repo each time \fBgit secret hide\fR is run\.`
			`.`
			`.br`
			`Otherwise the keyring (the one stored in \fB\.gitsecret/keys/*\.gpg\fR), may have changed since the last time the files were encrypted, and it\'s possible to create a state where the users in the output of \fBgit secret whoknows\fR may not be able to decrypt the some files in the repo, or may be able decrypt files they\'re not supposed to be able to\.`
WIP: Force mode for hide and reveal (#263) * -F (force even if gpg fails) option for hide and reveal * allow 'reveal' to decrypt a subset of files. * update and regen man pages * man pages update and improvements * text about why all files should be hidden at once * add _warn() and _warn_or_abort() * tests for -F option * glob source .sh files in Makefile better * add comment about issue #238. cleanup error msg. * test exact case in #253 * disable gnupg doc building on ubuntu-rolling 2018-10-11 01:21:58 +00:00			`.`
			`.P`
Issue 630 hide armored2 (#661) * use gpg --armor when hiding/encrypting files * update changelog * Adds SECRETS_GPG_ARMOR env variable * Fixes lint * One more test * Addresses review Co-authored-by: sobolevn <mail@sobolevn.me> 2021-06-26 13:24:26 +00:00			`In other words, unless you re\-encrypt all the files in a repo each time you \fBhide\fR any, it\'s possible to make it so some files can no longer be decrypted by users who should be (and would appear) able to decrypt them, and vice\-versa\.`
WIP: Force mode for hide and reveal (#263) * -F (force even if gpg fails) option for hide and reveal * allow 'reveal' to decrypt a subset of files. * update and regen man pages * man pages update and improvements * text about why all files should be hidden at once * add _warn() and _warn_or_abort() * tests for -F option * glob source .sh files in Makefile better * add comment about issue #238. cleanup error msg. * test exact case in #253 * disable gnupg doc building on ubuntu-rolling 2018-10-11 01:21:58 +00:00			`.`
			`.P`
Issue 630 hide armored2 (#661) * use gpg --armor when hiding/encrypting files * update changelog * Adds SECRETS_GPG_ARMOR env variable * Fixes lint * One more test * Addresses review Co-authored-by: sobolevn <mail@sobolevn.me> 2021-06-26 13:24:26 +00:00			`If you know what you are doing and wish to encrypt or re\-encrypt only a subset of the files even after reading the above paragraphs, you can use the \fB\-F\fR or \fB\-m\fR options\. The \fB\-F\fR option forces \fBgit secret hide\fR to skip any hidden files where the unencrypted versions aren\'t present\. The \fB\-m\fR option skips any hidden files that have not be been modified since the last time they were encrypted\.`
update man pages and changelog 2019-09-18 20:56:42 +00:00			`.`
pre fix 2016-02-23 21:48:25 +00:00			`.SH "OPTIONS"`
			`.`
			`.nf`

			`\-v \- verbose, shows extra information\.`
			`\-c \- deletes encrypted files before creating new ones\.`
WIP: Force mode for hide and reveal (#263) * -F (force even if gpg fails) option for hide and reveal * allow 'reveal' to decrypt a subset of files. * update and regen man pages * man pages update and improvements * text about why all files should be hidden at once * add _warn() and _warn_or_abort() * tests for -F option * glob source .sh files in Makefile better * add comment about issue #238. cleanup error msg. * test exact case in #253 * disable gnupg doc building on ubuntu-rolling 2018-10-11 01:21:58 +00:00			`\-F \- forces hide to continue if a file to encrypt is missing\.`
update man pages 2018-08-18 14:27:55 +00:00			`\-P \- preserve permissions of unencrypted file in encrypted file\.`
Add -d option to hide command to remove unencrypted files. 2017-02-11 19:59:34 +00:00			`\-d \- deletes unencrypted files after encryption\.`
doc encrypt on change option for hide cmd 2017-09-24 13:51:46 +00:00			`\-m \- encrypt files only when modified\.`
pre fix 2016-02-23 21:48:25 +00:00			`\-h \- shows help\.`
			`.`
			`.fi`
			`.`
Issue 630 hide armored2 (#661) * use gpg --armor when hiding/encrypting files * update changelog * Adds SECRETS_GPG_ARMOR env variable * Fixes lint * One more test * Addresses review Co-authored-by: sobolevn <mail@sobolevn.me> 2021-06-26 13:24:26 +00:00			`.SH "ENV VARIABLES"`
			`.`
			`.IP "\(bu" 4`
			`\fBSECRETS_GPG_COMMAND\fR changes the default \fBgpg\fR command to anything else`
			`.`
			`.IP "\(bu" 4`
			`\fBSECRETS_GPG_ARMOR\fR is a boolean to enable \fB\-\-armor\fR mode \fIhttps://www\.gnupg\.org/gph/en/manual/r1290\.html\fR to store secrets in text format over binary`
			`.`
			`.IP "\(bu" 4`
Closes #618 2021-06-26 14:17:37 +00:00			`\fBSECRETS_DIR\fR changes the default \fB\.gitsecret/\fR folder to another name as documented at git\-secret(7) \fIhttps://git\-secret\.io/\fR`
Issue 630 hide armored2 (#661) * use gpg --armor when hiding/encrypting files * update changelog * Adds SECRETS_GPG_ARMOR env variable * Fixes lint * One more test * Addresses review Co-authored-by: sobolevn <mail@sobolevn.me> 2021-06-26 13:24:26 +00:00			`.`
			`.IP "\(bu" 4`
			`\fBSECRETS_EXTENSION\fR changes the default \fB\.secret\fR file extension`
			`.`
			`.IP "\(bu" 4`
Closes #618 2021-06-26 14:17:37 +00:00			`\fBSECRETS_VERBOSE\fR changes the output verbosity as documented at git\-secret(7) \fIhttps://git\-secret\.io/\fR`
Issue 630 hide armored2 (#661) * use gpg --armor when hiding/encrypting files * update changelog * Adds SECRETS_GPG_ARMOR env variable * Fixes lint * One more test * Addresses review Co-authored-by: sobolevn <mail@sobolevn.me> 2021-06-26 13:24:26 +00:00			`.`
			`.IP "\(bu" 4`
Closes #618 2021-06-26 14:17:37 +00:00			`\fBSECRETS_PINENTRY\fR changes the \fBgpg \-\-pinentry\fR mode \fIhttps://github\.com/gpg/pinentry\fR as documented at git\-secret(7) \fIhttps://git\-secret\.io/\fR`
Issue 630 hide armored2 (#661) * use gpg --armor when hiding/encrypting files * update changelog * Adds SECRETS_GPG_ARMOR env variable * Fixes lint * One more test * Addresses review Co-authored-by: sobolevn <mail@sobolevn.me> 2021-06-26 13:24:26 +00:00			`.`
			`.IP "" 0`
			`.`
Version 0.2.2 pre-release There are a lot of changes, multiple things were refactored: tests, some commands, building and meta. Several critical bugs fixed. Changes: 1. Fixed #74, when `_user_required` was not working after reimporting keys 2. Closes #73, now it is possible to provide multiple emails to the `killperson` command 3. Closes #72, now it is possible to provide multiple emails to the `tell` command 4. Closes #71, now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website 5. Closes #70, now installation section is removed from main `man` file 6. Closes #69, now "See also" section in the `man`s are clickable 7. Closes #61, added "Manual" section to the manuals 8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing 9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases 10. Refactored `hide` and `clean` commands to be shorter 11. `shellcheck` is now supported with `make lint` Additional features are not comming to 0.2.2 after this commit. 2017-02-26 13:38:46 +00:00			`.SH "MANUAL"`
update man pages 2022-04-16 00:12:48 +00:00			`Run \fBman git\-secret\-hide\fR to see this document\.`
Version 0.2.2 pre-release There are a lot of changes, multiple things were refactored: tests, some commands, building and meta. Several critical bugs fixed. Changes: 1. Fixed #74, when `_user_required` was not working after reimporting keys 2. Closes #73, now it is possible to provide multiple emails to the `killperson` command 3. Closes #72, now it is possible to provide multiple emails to the `tell` command 4. Closes #71, now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website 5. Closes #70, now installation section is removed from main `man` file 6. Closes #69, now "See also" section in the `man`s are clickable 7. Closes #61, added "Manual" section to the manuals 8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing 9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases 10. Refactored `hide` and `clean` commands to be shorter 11. `shellcheck` is now supported with `make lint` Additional features are not comming to 0.2.2 after this commit. 2017-02-26 13:38:46 +00:00			`.`
pre fix 2016-02-23 21:48:25 +00:00			`.SH "SEE ALSO"`
Closes #618 2021-06-26 14:17:37 +00:00			`git\-secret\-init(1) \fIhttps://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttps://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttps://git\-secret\.io/git\-secret\-add\fR, git\-secret\-reveal(1) \fIhttps://git\-secret\.io/git\-secret\-reveal\fR, git\-secret\-cat(1) \fIhttps://git\-secret\.io/git\-secret\-cat\fR`