From 8f6b3876ac74f80b8eb2e7d0094cc1a2f9abc292 Mon Sep 17 00:00:00 2001 From: Josh Rabinowitz Date: Mon, 16 Apr 2018 16:14:34 -0400 Subject: [PATCH] use 'git secret hide -d' in example --- man/man7/git-secret.7 | 2 +- man/man7/git-secret.7.ronn | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index afbbea02..10becda0 100644 --- a/man/man7/git-secret.7 +++ b/man/man7/git-secret.7 @@ -41,7 +41,7 @@ Import this key inside your \fBgpg\fR setup (in ~/\.gnupg or similar) by running Now add this person to your secrets repo by running \fBgit secret tell persons@email\.id\fR . .IP "4." 4 -Then re\-encrypt the files using \fBgit secret reveal; git secret hide\fR\. Now the newly added user be able to decrypt them using \fBgit\-secret\fR and their secret key\. +Then re\-encrypt the files using \fBgit secret reveal; git secret hide \-d\fR\. (The \-d options deletes the unencrypted file after re\-encrypting it)\. Now the newly added user be able to decrypt them using \fBgit\-secret\fR and their secret key\. . .IP "" 0 . diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index a51acffb..ba7788fd 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn @@ -14,7 +14,7 @@ These steps cover the basic process of using `git-secret`: 1. Get their `gpg` public-key. **You won't need their secret key.** 2. Import this key inside your `gpg` setup (in ~/.gnupg or similar) by running `gpg --import KEY_NAME` 3. Now add this person to your secrets repo by running `git secret tell persons@email.id` -4. Then re-encrypt the files using `git secret reveal; git secret hide`. Now the newly added user be able to decrypt them using `git-secret` and their secret key. +4. Then re-encrypt the files using `git secret reveal; git secret hide -d`. (The -d options deletes the unencrypted file after re-encrypting it). Now the newly added user be able to decrypt them using `git-secret` and their secret key. Note that it is possible to add yourself to the system without decrypting existing files. It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook.