@ -18,7 +18,7 @@ There's a known problem in server configuration and deploying, when you have to
### What is `git-secret`?
`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why to deal with all these private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore.
`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore.
## Installation
@ -32,7 +32,7 @@ There's a known problem in server configuration and deploying, when you have to
### Supported platforms
`git secret` works with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04 and `Debian` >= 8.3
You can add you platform to this list, if all the tests passes for you.
You can add your platform to this list, if all the tests pass for you.
`Cygwin` support is planned.
### Installation process
@ -59,14 +59,14 @@ These steps cover the basic process of using `git-secret`:
1. Initialize `git-secret` repository by running `git secret init` command. `.gitsecret/` folder will be created.
2. Add first user to the system by running `git secret tell your@gpg.email-id`.
3. Now it's time to add files you wish to encrypt inside the `git-secret` repository. It can be done by running `git secret add <filenames...>` command. Make sure these files are ignored, otherwise `git secret` won't allow you to add them, as these files will be stored unencrypted.
4. When done, run `git secret hide` all files, which you have added by `git secret add` command will be encrypted with added public-keys by the `git secret tell` command. Now it is safe to commit your cahnges. **But**. It's recommened to add `git secret hide` command to your `pre-commit` hook, so you won't miss any changes.
4. When done, run `git secret hide` all files, which you have added by `git secret add` command will be encrypted with added public-keys by the `git secret tell` command. Now it is safe to commit your changes. **But**. It's recommended to add `git secret hide` command to your `pre-commit` hook, so you won't miss any changes.
5. Now decrypt files with `git secret reveal` command. It will ask you for your password. And you're done!
### I want to add someone to the repository
1. Get his `gpg` public-key. **You won't need his secret key.**
1. Get his `gpg` public-key. **You won't need their secret key.**
2. Import this key inside your `gpg` by running `gpg --import KEY_NAME`
3. Now add this person to the `git-secret` by running `git secret tell persons@email.id`
4. Reencypt the files, now he will be able to decrypt them with his secret key.
4. Reencypt the files, now they will be able to decrypt them with their secret key.
Note, that it is possible to add yourself to the system without decrypting existing files. It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook.
elinamorits
8 years ago