git-secret-hide - encrypts all added files with repo keyring.
==================================================================
## SYNOPSIS
git secret hide [-c] [-F] [-P] [-v] [-d] [-m]
## DESCRIPTION
`git-secret-hide` - writes an encrypted version of each file added by `git-secret-add` command.
Then anyone enabled via `git secret tell` can decrypt these files.
Under the hood, `git-secret` uses the keyring of public keys in `.gitsecret/keys` to _encrypt_ files,
encrypted versions are typically called `filename.txt.secret` .
Later permitted users can use their secret key (typically from their home directory) to _decrypt_ files.
It is recommended to encrypt (or re-encrypt) all the files in a `git-secret` repo each
time `git secret hide` is run.
Otherwise the keyring (the one stored in `.gitsecret/keys/*.gpg` ),
may have changed since the last time the files were encrypted, and it's possible
to create a state where the users in the output of `git secret whoknows`
may not be able to decrypt the some files in the repo, or may be able decrypt files
they're not supposed to be able to.
In other words, unless you re-encrypt all the files in a repo each time you `hide` any,
it's possible to make it so some files can no longer be decrypted by users who should be
(and would appear) able to decrypt them, and vice-versa.
If you know what you are doing and wish
to encrypt or re-encrypt only a subset of the files
even after reading the above paragraphs, you can use the `-F` or `-m` options.
The `-F` option forces `git secret hide` to skip any hidden files
where the unencrypted versions aren't present.
The `-m` option skips any hidden files that have
not be been modified since the last time they were encrypted.
## OPTIONS
-v - verbose, shows extra information.
-c - deletes encrypted files before creating new ones.
-F - forces hide to continue if a file to encrypt is missing.
-P - preserve permissions of unencrypted file in encrypted file.
-d - deletes unencrypted files after encryption.
-m - encrypt files only when modified.
-h - shows help.
## ENV VARIABLES
- `SECRETS_GPG_COMMAND` changes the default `gpg` command to anything else
- `SECRETS_GPG_ARMOR` is a boolean to enable [`--armor` mode ](https://www.gnupg.org/gph/en/manual/r1290.html ) to store secrets in text format over binary
- `SECRETS_DIR` changes the default `.gitsecret/` folder to another name as documented at [git-secret(7) ](https://git-secret.io/ )
- `SECRETS_EXTENSION` changes the default `.secret` file extension
- `SECRETS_VERBOSE` changes the output verbosity as documented at [git-secret(7) ](https://git-secret.io/ )
- `SECRETS_PINENTRY` changes the [`gpg --pinentry` mode ](https://github.com/gpg/pinentry ) as documented at [git-secret(7) ](https://git-secret.io/ )
Version 0.2.2 pre-release
There are a lot of changes, multiple things were refactored: tests,
some commands, building and meta.
Several critical bugs fixed.
Changes:
1. Fixed #74, when `_user_required` was not working after reimporting keys
2. Closes #73, now it is possible to provide multiple emails to the `killperson` command
3. Closes #72, now it is possible to provide multiple emails to the `tell` command
4. Closes #71, now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website
5. Closes #70, now installation section is removed from main `man` file
6. Closes #69, now "See also" section in the `man`s are clickable
7. Closes #61, added "Manual" section to the manuals
8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing
9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases
10. Refactored `hide` and `clean` commands to be shorter
11. `shellcheck` is now supported with `make lint`
Additional features are not comming to 0.2.2 after this commit.
8 years ago
## MANUAL
Run `man git-secret-hide` to see this document.
Version 0.2.2 pre-release
There are a lot of changes, multiple things were refactored: tests,
some commands, building and meta.
Several critical bugs fixed.
Changes:
1. Fixed #74, when `_user_required` was not working after reimporting keys
2. Closes #73, now it is possible to provide multiple emails to the `killperson` command
3. Closes #72, now it is possible to provide multiple emails to the `tell` command
4. Closes #71, now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website
5. Closes #70, now installation section is removed from main `man` file
6. Closes #69, now "See also" section in the `man`s are clickable
7. Closes #61, added "Manual" section to the manuals
8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing
9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases
10. Refactored `hide` and `clean` commands to be shorter
11. `shellcheck` is now supported with `make lint`
Additional features are not comming to 0.2.2 after this commit.
8 years ago
## SEE ALSO
[git-secret-init(1) ](https://git-secret.io/git-secret-init ), [git-secret-tell(1) ](https://git-secret.io/git-secret-tell ),
[git-secret-add(1) ](https://git-secret.io/git-secret-add ), [git-secret-reveal(1) ](https://git-secret.io/git-secret-reveal ),
[git-secret-cat(1) ](https://git-secret.io/git-secret-cat )