\fBgit\-secret\-hide\fR\- encrypts all added files with the inner keyring\.
@ -15,7 +15,7 @@ git secret hide [\-c] [\-v]
.fi
.
.SH"DESCRIPTION"
\fBgit\-secret\-hide\fR create an encrypted version for each file added by \fBgit\-secret\-add\fR command\. Now anyone one from the \fBgit\-secret\fR\'s keyring can decrypt these files using the their secret key\.
\fBgit\-secret\-hide\fR create an encrypted version for each file added by \fBgit\-secret\-add\fR command\. Now anyone from the \fBgit\-secret\fR\'s keyring can decrypt these files using their secret key\.
.
.P
It is possible to modify the names of the encrypted files by setting \fBSECRETS_EXTENSION\fR variable\.
\fBgit\-secret\-init\fR should be runned inside a \fBgit\fR repo\.\fBgit\-secret\-init\fR is the first command to be runned, until the git\-secret repository is inited other commands are unavailable\.
\fBgit\-secret\-init\fR should be run inside a \fBgit\fR repo\.\fBgit\-secret\-init\fR is the first command to be run, until the git\-secret repository is inited other commands are unavailable\.
\fBgit\-secret\-reveal\fR\- decrypts all the files in the \fB\.gitsecret/paths/mapping\.cfg\fR by running a \fBgpg \-\-decrypt\fR command\. It is important to have paired secret\-key for one of the public\-keys, which were used in the encryption\.
\fBgit\-secret\-reveal\fR\- decrypts all the files in the \fB\.gitsecret/paths/mapping\.cfg\fR by running a \fBgpg \-\-decrypt\fR command\. It is important to have paired secret\-key with one of the public\-keys, which were used in the encryption\.
\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then import a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\.Since this moment this person can encrypt new files with the keyring which contains his key\. But he cannot decrypt the old files, which were already encrypted without his key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\.
\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\.From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\.
.
.P
\fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyway, it won\'t work with any of the secret\-keys imported\.
\fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\.
@ -41,7 +41,7 @@ When building the automated deployment system there will be one extra step: down
.IP""0
.
.SS"What is <code>git\-secret</code>?"
\fBgit\-secret\fR is a bash tool to store your private data inside a \fBgit\fR repo\. How\'s that? Basically, it just encrypts, using \fBgpg\fR, the tracked files with the public keys of all the users that you trust\. So everyone of them can decrypt these files using only their personal secret key\. Why to deal with all these private\-public keys stuff? Well, to make it easier for everyone to manage access rights\. There are no passwords that change\. When someone is out \- just delete his public key, reencrypt the files, and he won\'t be able to decrypt secrets anymore\.
\fBgit\-secret\fR is a bash tool to store your private data inside a \fBgit\fR repo\. How\'s that? Basically, it just encrypts, using \fBgpg\fR, the tracked files with the public keys of all the users that you trust\. So everyone of them can decrypt these files using only their personal secret key\. Why deal with all this private\-public keys stuff? Well, to make it easier for everyone to manage access rights\. There are no passwords that change\. When someone is out \- just delete his public key, reencrypt the files, and he won\'t be able to decrypt secrets anymore\.
.
.SH"Installation"
.
@ -60,12 +60,42 @@ gpg (GnuPG) 1\.4\.20
.IP""0
.
.SS"Supported platforms"
\fBgit secret\fR works with \fBMac OS X\fR >= 10\.9, \fBUbuntu\fR >= 14\.04 and \fBDebian\fR >= 8\.3 You can add you platform to this list, if all the tests passes for you\.\fBCygwin\fR support is planned\.
\fBgit secret\fR works with \fBMac OS X\fR >= 10\.9, \fBUbuntu\fR >= 14\.04 and \fBDebian\fR >= 8\.3 You can add your platform to this list, if all the tests pass for you\.\fBCygwin\fR support is planned\.
.
.SS"Installation process"
There are several ways to install \fBgit\-secret\fR:
.
.P
\fBBrew\fR
.
.IP"1."4
Run \fBbrew install sobolevn/tap/git\-secret\fR
.
.IP""0
.
.P
\fB\fBantigen\fR plugin (or any other \fBoh\-my\-zsh\fR\-styled plugin\-systems)\fR
.
.IP"1."4
Add line \fBantigen bundle sobolevn/git\-secret\fR to your \fB\.zshrc\fR
.
.IP"2."4
Run \fBsource ~/\.zshrc\fR or reopen the terminal
.
.IP""0
.
.P
\fB\fBmake install\fR\fR
.
.IP"1."4
Download the latest realease here \fIhttps://github\.com/sobolevn/git\-secret/releases\fR
.
.IP"2."4
Unpack and run \fBmake install PREFIX="your/installation/path"\fR, note that this command may require \fBsudo\fR
.
.IP""0
.
.P
\fBThe hard way\fR
.
.IP"1."4
@ -80,18 +110,18 @@ Move \fBgit\-secret\fR file and \fBman/\fR folder somewhere inside your \fB$PATH
.IP""0
.
.P
\fB\fBantigen\fR plugin (or any other \fBoh\-my\-zsh\fR\-styled plugin\-systems)\fR
\fBLocal \fB\.deb\fR package\fR
.
.IP"1."4
Add line \fBantigen bundle sobolevn/git\-secret\fR to your \fB\.zshrc\fR
Download the latest realease here \fIhttps://github\.com/sobolevn/git\-secret/releases\fR
.
.IP"2."4
Run \fBsource ~/\.zshrc\fR or reopen the terminal
Unpack, and run \fBmake build\-deb\fR, it is possible to set the output folder with \fB$SCRIPT_BUILD_DIR\fR variable\.
.
.IP""0
.IP"3."4
Install the local \fB\.deb\fR package with \fBdpkp \-i git\-secret\-package\-name\.deb\fR, note that this command may require \fBsudo\fR and the package name will be different
.
.P
\fBbrew\fR and \fBfpm\fR support is planned\.
.IP""0
.
.SH"Usage"
These steps cover the basic process of using \fBgit\-secret\fR:
@ -109,7 +139,7 @@ Add first user to the system by running \fBgit secret tell your@gpg\.email\-id\f
Now it\'s time to add files you wish to encrypt inside the \fBgit\-secret\fR repository\. It can be done by running \fBgit secret add <filenames\.\.\.>\fR command\. Make sure these files are ignored, otherwise \fBgit secret\fR won\'t allow you to add them, as these files will be stored unencrypted\.
.
.IP"5."4
When done, run \fBgit secret hide\fR all files, which you have added by \fBgit secret add\fR command will be encrypted with added public\-keys by the \fBgit secret tell\fR command\. Now it is safe to commit your cahnges\.\fBBut\fR\. It\'s recommened to add \fBgit secret hide\fR command to your \fBpre\-commit\fR hook, so you won\'t miss any changes\.
When done, run \fBgit secret hide\fR all files, which you have added by \fBgit secret add\fR command will be encrypted with added public\-keys by the \fBgit secret tell\fR command\. Now it is safe to commit your changes\.\fBBut\fR\. It\'s recommended to add \fBgit secret hide\fR command to your \fBpre\-commit\fR hook, so you won\'t miss any changes\.
.
.IP"6."4
Now decrypt files with \fBgit secret reveal\fR command\. It will ask you for your password\. And you\'re done!
@ -119,7 +149,7 @@ Now decrypt files with \fBgit secret reveal\fR command\. It will ask you for you
.SS"I want to add someone to the repository"
.
.IP"1."4
Get his \fBgpg\fR public\-key\.\fBYou won\'t need his secret key\.\fR
Get his \fBgpg\fR public\-key\.\fBYou won\'t need their secret key\.\fR
.
.IP"2."4
Import this key inside your \fBgpg\fR by running \fBgpg \-\-import KEY_NAME\fR
@ -128,7 +158,7 @@ Import this key inside your \fBgpg\fR by running \fBgpg \-\-import KEY_NAME\fR
Now add this person to the \fBgit\-secret\fR by running \fBgit secret tell persons@email\.id\fR
.
.IP"4."4
Reencypt the files, now he will be able to decrypt them with his secret key\.
Reencypt the files, now they will be able to decrypt them with their secret key\.
sobolevn
8 years ago
committed by
mail@sobolevn.me