@ -33,7 +33,7 @@ And you're done!
2. Import this key into your `gpg` setup (in ~/.gnupg or similar) by running `gpg --import KEY_NAME.txt`
3. Now add this person to your secrets repo by running `git secret tell persons@email.id`
(this will be the email address assocated with the public key)
(this will be the email address associated with the public key)
4. The newly added user cannot yet read the encrypted files. Now, re-encrypt the files using
`git secret reveal; git secret hide -d`, and then commit and push the newly encrypted files.
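Review bot: step 4 in this hunk's trailing context joins the two commands with `;` (`git secret reveal; git secret hide -d`), so `hide -d` still runs when `reveal` fails. Since the patch is already touching this list, consider `git secret reveal && git secret hide -d` so that re-encryption only happens after a successful decrypt.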
@ -41,7 +41,7 @@ And you're done!
Now the newly added user be able to decrypt the files in the repo using `git-secret`.
Note that it is possible to add yourself to the git-secret repo without decrypting existing files.
It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't
It will be possible to decrypt them after re-encrypting them with the new keyring. So, if you don't
want unexpected keys added, you can configure some server-side security policy with the `pre-receive` hook.
## Configuration
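Review bot: the first context line of this hunk, "Now the newly added user be able to decrypt the files in the repo using `git-secret`.", is missing a verb and is left unchanged by this typo pass. Suggest fixing it in the same commit, for example "Now the newly added user will be able to decrypt the files in the repo using `git-secret`."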
@ -86,7 +86,7 @@ All the other internal data is stored in the directory:
### `.gitsecret/keys`
This directory contains data used by git-secret and PGP to allow and maintain the correct encyption and access rights for the permitted parties.
This directory contains data used by git-secret and PGP to allow and maintain the correct encryption and access rights for the permitted parties.
Generally speaking, all the files in this directory *except* `random_seed` should be checked into your repo.
By default, `git secret init` will add the file `.gitsecret/keys/random_seed` to your .gitignore file.
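Review bot: the trailing context of this hunk tells readers to check in everything under `.gitsecret/keys` *except* `random_seed`, but never says why that one file is excluded. A short clause giving the reason would help someone deciding whether an accidentally committed `random_seed` matters. Minor style point on the last line: `.gitignore` is plain text while `git secret init` and `.gitsecret/keys/random_seed` on the same line are in backticks.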