Archives
/
git-secret
mirror of https://github.com/sobolevn/git-secret
2
1
Fork 0
Code Issues Projects Releases Wiki Activity

new README

Browse Source
pull/10/head
sobolevn 9 years ago
parent fa1ab30fd8
commit 368be9790a
3 changed files with 57 additions and 26 deletions
Show Stats Download Patch File Download Diff File

25
README.md
Unescape Escape View File

@ -2,13 +2,19 @@
[![Build Status](https://secure.travis-ci.org/sobolevn/git-secret.png?branch=master)](https://travis-ci.org/sobolevn/git-secret)
## Preview
![git-secret terminal preview](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/gitsecret_terminal.gif)
## Installation and Usage
See the [git-secret site](https://sobolevn.github.io/git-secret/).
## Status
This project is still under development. Current objectives:
- add `trust-model` parameter to `git-secret-hide`
- hooks: `pre-commit` to encrypt secret files
- static site for `gh-pages` build from manuals with `Jekyll` and `Ronn`
- autocomplete for `zsh` plugin
- extra tests
- precompiled distributions for `brew` and other package managers
@ -16,25 +22,10 @@ This project is still under development. Current objectives:
- сygwin support (?)
## Requirements
`git-secret` works only with `git` and `gpg`, it is tested and works for Mac OS X, Ubuntu and Debian.
No other dependencies are required.
## Testing
For testing this project uses [`bats`](1). You can install it by running `make install-test`.
To run tests call: `make test`. It will download and install `bats` into `vandor/bats` if it's not installed yet.
## Installation
Right now installation is only possible with this workflow:
1. `git clone https://github.com/sobolevn/git-secret.git`
2. `make develop`
3. then move the resulting file `git-secret` somewhere inside your `PATH`
[1]: https://github.com/sstephenson/bats

43
man/man1/git-secret.7
Unescape Escape View File

@ -6,7 +6,20 @@
.SH "NAME"
\fBgit\-secret\fR
.
.SH "Intro"
.SH "Content"
.
.IP "1." 4
\fIIntro\fR
.
.IP "2." 4
\fIInstallation\fR
.
.IP "3." 4
\fIUsage\fR
.
.IP "" 0
.
.SH "<a href=\"#intro\" data\-bare\-link=\"true\">Intro</a>"
There\'s a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret\-keys, OAuth secret keys and so on, outside of the git repository\. Even if this repository is private, it is a security risk to just publish them into the world wide web\. What are the drawbacks of storing them separately?
.
.IP "1." 4
@ -30,7 +43,7 @@ When building the automated deploment system there will be one extra step: downl
.SS "What is <code>git\-secret</code>?"
\fBgit\-secret\fR is a bash tool to store your private data inside a \fBgit\fR repo\. How\'s that? Basically, it just encrypts, using \fBgpg\fR, the tracked files with the public keys of all the users that you trust\. So everyone of them can decrypt these files using only their personal secret key\. Why to deal with all these private\-public keys stuff? Well, to make it easier for everyone to manage access rights\. There are no passwords that change\. When someone is out \- just delete his public key, reencrypt the files, and he won\'t be able to decrypt secrets anymore\.
.
.SH "Installation"
.SH "<a href=\"#install\" data\-bare\-link=\"true\">Installation</a>"
.
.SS "Dependencies"
\fBgit secret\fR relies on two dependecies: \fBgit\fR \fIhttps://git\-scm\.com/\fR and \fBgpg\fR \fIhttps://www\.gnupg\.org/\fR\. Download and install them before using this project\. \fBgit\-secret\fR is tested to work with:
@ -80,8 +93,28 @@ Run \fBsource ~/\.zshrc\fR or reopen the terminal
.P
\fBbrew\fR and \fBfpm\fR support is planned\.
.
.SH "Usage"
These steps cover the basic process of using \fBgit\-secret\fR: 0\. Before starting, make sure you have created \fBgpg\fR RSA key\-pair: public and secret key identified by your email address\. 1\. Initialize \fBgit\-secret\fR repository by running \fBgit secret init\fR command\. \fB\.gitsecret/\fR folder will be created\. 2\. Add first user to the system by running \fBgit secret tell your@gpg\.email\-id\fR\. 3\. Now it\'s time to add files you wish to encrypt inside the \fBgit\-secret\fR repository\. It can be done by running \fBgit secret add <filenames\.\.\.>\fR command\. Make sure these files are ignored, otherwise \fBgit secret\fR won\'t allow you to add them, as these files will be stored unencrypted\. 4\. When done, run \fBgit secret hide\fR all files, which you have added by \fBgit secret add\fR command will be encrypted with added public\-keys by the \fBgit secret tell\fR command\. Now it is safe to commit your cahnges\. \fBBut\fR\. It\'s recommened to add \fBgit secret hide\fR command to your \fBpre\-commit\fR hook, so you won\'t miss any changes\. 5\. Now decrypt files with \fBgit secret reveal\fR command\. It will ask you for your password\. And you\'re done!
.SH "<a href=\"#usage\" data\-bare\-link=\"true\">Usage</a>"
These steps cover the basic process of using \fBgit\-secret\fR:
.
.IP "1." 4
Before starting, make sure you have created \fBgpg\fR RSA key\-pair: public and secret key identified by your email address\.
.
.IP "2." 4
Initialize \fBgit\-secret\fR repository by running \fBgit secret init\fR command\. \fB\.gitsecret/\fR folder will be created\.
.
.IP "3." 4
Add first user to the system by running \fBgit secret tell your@gpg\.email\-id\fR\.
.
.IP "4." 4
Now it\'s time to add files you wish to encrypt inside the \fBgit\-secret\fR repository\. It can be done by running \fBgit secret add <filenames\.\.\.>\fR command\. Make sure these files are ignored, otherwise \fBgit secret\fR won\'t allow you to add them, as these files will be stored unencrypted\.
.
.IP "5." 4
When done, run \fBgit secret hide\fR all files, which you have added by \fBgit secret add\fR command will be encrypted with added public\-keys by the \fBgit secret tell\fR command\. Now it is safe to commit your cahnges\. \fBBut\fR\. It\'s recommened to add \fBgit secret hide\fR command to your \fBpre\-commit\fR hook, so you won\'t miss any changes\.
.
.IP "6." 4
Now decrypt files with \fBgit secret reveal\fR command\. It will ask you for your password\. And you\'re done!
.
.IP "" 0
.
.SS "I want to add someone to the repository"
.
@ -100,4 +133,4 @@ Reencypt the files, now he will be able to decrypt them with his secret key\.
.IP "" 0
.
.P
Note, that it is possible to add yourself to the system without decrypting existing files\. It will possible to decrypt them after reencrypting them with the new key added\. So, if you don\'t want unexpected keys added, make sure to configure some server\-side security policy with the \fBpre\-receive\fR hook\.
Note, that it is possible to add yourself to the system without decrypting existing files\. It will be possible to decrypt them after reencrypting them with the new keyring\. So, if you don\'t want unexpected keys added, make sure to configure some server\-side security policy with the \fBpre\-receive\fR hook\.

15
man/man1/git-secret.7.ronn
Unescape Escape View File

@ -1,4 +1,10 @@
## Intro
## Content
1. [Intro](#intro)
2. [Installation](#install)
3. [Usage](#usage)
## [Intro](#intro)
There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately?
@ -14,7 +20,7 @@ There's a known problem in server configuration and deploying, when you have to
`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why to deal with all these private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore.
## Installation
## [Installation](#install)
### Dependencies
@ -46,8 +52,9 @@ There are several ways to install `git-secret`:
`brew` and `fpm` support is planned.
## Usage
## [Usage](#usage)
These steps cover the basic process of using `git-secret`:
0. Before starting, make sure you have created `gpg` RSA key-pair: public and secret key identified by your email address.
1. Initialize `git-secret` repository by running `git secret init` command. `.gitsecret/` folder will be created.
2. Add first user to the system by running `git secret tell your@gpg.email-id`.
@ -61,7 +68,7 @@ These steps cover the basic process of using `git-secret`:
3. Now add this person to the `git-secret` by running `git secret tell persons@email.id`
4. Reencypt the files, now he will be able to decrypt them with his secret key.
Note, that it is possible to add yourself to the system without decrypting existing files. It will possible to decrypt them after reencrypting them with the new key added. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook.
Note, that it is possible to add yourself to the system without decrypting existing files. It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook.
[1]: https://git-scm.com/
[2]: https://www.gnupg.org/

Write Preview
Loading…
Cancel
Save