diff --git a/CHANGELOG.md b/CHANGELOG.md index d5f2aa41..574c7e06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ ### Misc +- Add security disclaimer for git-secret-killperson - Improve documentation about releases - Man page improvements diff --git a/docs/man/man1/git-secret-killperson.1.ronn b/docs/man/man1/git-secret-killperson.1.ronn index a602d2dc..0404768e 100644 --- a/docs/man/man1/git-secret-killperson.1.ronn +++ b/docs/man/man1/git-secret-killperson.1.ronn @@ -11,6 +11,10 @@ This command removes the keys associated with the selected email addresses from If you remove a keypair's access with `git-secret-killperson`, and run `git-secret-reveal` and `git-secret-hide -r`, it will be impossible for given users to decrypt the hidden files. +Using git-secret-killperson and re-encrypting the secrets does not prevent a user from extracting secrets that they have previously had access to. +The old keyrings and the secrets encrypted with them will still be readable by the user in the git history. +This means that any secrets that the user has had access to at any time must be changed and re-encrypted after their key has been removed from the keyring. + ## OPTIONS diff --git a/man/man1/git-secret-add.1 b/man/man1/git-secret-add.1 index 069b686d..b0a030c6 100644 --- a/man/man1/git-secret-add.1 +++ b/man/man1/git-secret-add.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-ADD" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-ADD" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-add\fR \- starts to track added files\. diff --git a/man/man1/git-secret-cat.1 b/man/man1/git-secret-cat.1 index b57aae00..8cc12498 100644 --- a/man/man1/git-secret-cat.1 +++ b/man/man1/git-secret-cat.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CAT" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-CAT" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-cat\fR \- decrypts files passed on command line to stdout diff --git a/man/man1/git-secret-changes.1 b/man/man1/git-secret-changes.1 index 11f1c3d4..f68fb335 100644 --- a/man/man1/git-secret-changes.1 +++ b/man/man1/git-secret-changes.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CHANGES" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-CHANGES" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-changes\fR \- view diff of the hidden files\. diff --git a/man/man1/git-secret-clean.1 b/man/man1/git-secret-clean.1 index edfb51d5..7817d604 100644 --- a/man/man1/git-secret-clean.1 +++ b/man/man1/git-secret-clean.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CLEAN" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-CLEAN" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-clean\fR \- removes all the hidden files\. diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index 8d28ac35..1562e0cb 100644 --- a/man/man1/git-secret-hide.1 +++ b/man/man1/git-secret-hide.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-HIDE" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-HIDE" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. diff --git a/man/man1/git-secret-init.1 b/man/man1/git-secret-init.1 index 31d13600..fe3df7cf 100644 --- a/man/man1/git-secret-init.1 +++ b/man/man1/git-secret-init.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-INIT" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-INIT" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-init\fR \- initializes git\-secret repository\. diff --git a/man/man1/git-secret-killperson.1 b/man/man1/git-secret-killperson.1 index aa6524da..b9a47c25 100644 --- a/man/man1/git-secret-killperson.1 +++ b/man/man1/git-secret-killperson.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-KILLPERSON" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-KILLPERSON" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\. diff --git a/man/man1/git-secret-list.1 b/man/man1/git-secret-list.1 index 8d04fc86..aa0a729b 100644 --- a/man/man1/git-secret-list.1 +++ b/man/man1/git-secret-list.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-LIST" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-LIST" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-list\fR \- prints all the added files\. diff --git a/man/man1/git-secret-remove.1 b/man/man1/git-secret-remove.1 index 6a4eb2ee..1c9572e2 100644 --- a/man/man1/git-secret-remove.1 +++ b/man/man1/git-secret-remove.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REMOVE" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-REMOVE" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-remove\fR \- removes files from index\. diff --git a/man/man1/git-secret-reveal.1 b/man/man1/git-secret-reveal.1 index 58928562..18abd26f 100644 --- a/man/man1/git-secret-reveal.1 +++ b/man/man1/git-secret-reveal.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REVEAL" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-REVEAL" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-reveal\fR \- decrypts all added files\. diff --git a/man/man1/git-secret-tell.1 b/man/man1/git-secret-tell.1 index 7952c2e6..9b0d5c27 100644 --- a/man/man1/git-secret-tell.1 +++ b/man/man1/git-secret-tell.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-TELL" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-TELL" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-tell\fR \- adds a person, who can access private data\. diff --git a/man/man1/git-secret-usage.1 b/man/man1/git-secret-usage.1 index 14e947b3..d03f1712 100644 --- a/man/man1/git-secret-usage.1 +++ b/man/man1/git-secret-usage.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-USAGE" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-USAGE" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-usage\fR \- prints all the available commands\. diff --git a/man/man1/git-secret-whoknows.1 b/man/man1/git-secret-whoknows.1 index 4a364bd9..1bd94cdd 100644 --- a/man/man1/git-secret-whoknows.1 +++ b/man/man1/git-secret-whoknows.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-WHOKNOWS" "1" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET\-WHOKNOWS" "1" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\. diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 2cac854c..83f4f346 100644 --- a/man/man7/git-secret.7 +++ b/man/man7/git-secret.7 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET" "7" "January 2021" "sobolevn" "git-secret 0.3.3" +.TH "GIT\-SECRET" "7" "April 2021" "sobolevn" "git-secret 0.3.3" . .SH "NAME" \fBgit\-secret\fR \- bash tool to store private data inside a git repo\.