manuals started

.gitignore

@@ -121,9 +121,10 @@ _site/
 .sass-cache/
 
 #####=== Custom ===#####
+.gitsecret/
 git-secret
 vendor/
 temp/
 
-man/
+# Temporary:
 gh-pages/

Makefile

@@ -24,6 +24,6 @@ test:
 install-man:
 	gem install ronn
 
-man:
-	@if [ `gem list ronn -i` == "false" ]; then make install-man; fi
-	ronn --roff man/*.ronn
+build-man:
+	@if [ ! `gem list ronn -i` == "true" ]; then make install-man; fi
+	ronn --roff man/man1/*.ronn

README.md

@@ -6,11 +6,19 @@
 
 This project is still under development. Current objectives:
 
+- `git-secret-list` to show added files
+- `git-secret-whoknows` to show added keys
+- check all exit code, modify if needed
+- add check if the `.gitsecret` folder is ignored, raise exception in that case.
+- add `trust-model` parameter to `git-secret-hide`
+- add exception when running `git secret tell` with no files added
 - manuals
-- static site fot `gh-pages` build from manuals with `Jekyll` and `Ronn`
+- hooks: `pre-commit` to encrypt secret files
+- static site for `gh-pages` build from manuals with `Jekyll` and `Ronn`
 - plugin for `zsh`
-- extra tests
+- extra tests, tests for `git-secret-remove`
 - precompiled distributions for `brew` and other package managers
+- styleguide for bash (?)
 - сygwin support (?)
 
 
@@ -19,7 +27,11 @@ This project is still under development. Current objectives:
 `git-secret` works only with `git` and `gpg`, it is tested and works for Mac OS X, Ubuntu and Debian.
 No other dependencies are required.
 
-For testing it uses `bats`. You can install it by running `make install-test`.
+
+## Testing
+
+For testing this project uses [`bats`](1). You can install it by running `make install-test`.
+To run tests call: `make test`. It will download and install `bats` into `vandor/bats` if it's not installed yet.
 
 
 ## Installation
@@ -29,3 +41,6 @@ Right now installation is only possible with this workflow:
 1. `git clone https://github.com/sobolevn/git-secret.git`
 2. `make develop`
 3. then move the resulting file `git-secret` somewhere inside your `PATH`
+
+
+[1]: https://github.com/sstephenson/bats

man/man1/git-secret-add.1

@@ -0,0 +1,22 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "GIT\-SECRET\-ADD" "1" "February 2016" "" ""
+.
+.SH "NAME"
+\fBgit\-secret\-add\fR \- starts to track added files\.
+.
+.SH "SYNOPSIS"
+\fBgit\-secret\-add\fR \- receives a list of files, then adds them into the \fBgit\-secret\fR, these files will be encrypted and decrypted on the appropriate commands\.
+.
+.SH "DESCRIPTION"
+\fBgit\-secret\-add\fR adds a filepath(es) into the \fB\.gitsecret/paths/mapping\.cfg\fR\. When adding files, ensure that they are ignored by \fBgit\fR, since they must be secure and not be commited into the remote repository unencrypted\.
+.
+.P
+If there\'s no users in the \fBgit\-secret\fR\'s keyring, when adding a file, an exception will be raised\.
+.
+.P
+It is not recommened to add filenames directly into the \fB\.gitsecret/paths/mapping\.cfg\fR, use the command\.
+.
+.SH "SEE ALSO"
+git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1)

man/man1/git-secret-add.1.ronn

@@ -0,0 +1,17 @@
+git-secret-add - starts to track added files.
+=============================================
+
+## SYNOPSIS
+`git-secret-add` - receives a list of files, then adds them into the `git-secret`, these files will be encrypted and decrypted on the appropriate commands.
+
+
+## DESCRIPTION
+`git-secret-add` adds a filepath(es) into the `.gitsecret/paths/mapping.cfg`. When adding files, ensure that they are ignored by `git`, since they must be secure and not be commited into the remote repository unencrypted.
+
+If there's no users in the `git-secret`'s keyring, when adding a file, an exception will be raised.
+
+It is not recommened to add filenames directly into the `.gitsecret/paths/mapping.cfg`, use the command.
+
+## SEE ALSO
+
+git-secret-init(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1)

man/man1/git-secret-hide.1

@@ -0,0 +1,29 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "GIT\-SECRET\-HIDE" "1" "February 2016" "" ""
+.
+.SH "NAME"
+\fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\.
+.
+.SH "SYNOPSIS"
+\fBgit\-secret\-hide\fR \- uses a \fBgpg\fR\'s \fB\-\-encrypt\fR for all receipients in the \fBgit\-secret\fR\'s keyring\.
+.
+.SH "DESCRIPTION"
+\fBgit\-secret\-hide\fR create an encrypted version for each file added by \fBgit\-secret\-add\fR command\. Now anyone one from the \fBgit\-secret\fR\'s keyring can decrypt these files using the their secret key\.
+.
+.P
+It is possible to modify the names of the encrypted files by setting \fBSECRETS_EXTENSION\fR variable\.
+.
+.SH "OPTIONS"
+.
+.nf
+
+\-v  \- verbose, shows extra information\.
+\-c  \- deletes encrypted files before creating new ones\.
+\-h  \- shows help\.
+.
+.fi
+.
+.SH "SEE ALSO"
+git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-reveal(1)

man/man1/git-secret-hide.1.ronn

@@ -0,0 +1,23 @@
+git-secret-hide - encrypts all added files with the inner keyring.
+==================================================================
+
+## SYNOPSIS
+`git-secret-hide` - uses a `gpg`'s `--encrypt` for all receipients in the `git-secret`'s keyring.
+
+
+## DESCRIPTION
+`git-secret-hide` create an encrypted version for each file added by `git-secret-add` command. Now anyone one from the `git-secret`'s keyring can decrypt these files using the their secret key.
+
+It is possible to modify the names of the encrypted files by setting `SECRETS_EXTENSION` variable.
+
+
+## OPTIONS
+
+    -v  - verbose, shows extra information.
+    -c  - deletes encrypted files before creating new ones.
+    -h  - shows help.
+
+
+## SEE ALSO
+
+git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-reveal(1)

man/man1/git-secret-init.1

@@ -0,0 +1,16 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "GIT\-SECRET\-INIT" "1" "February 2016" "" ""
+.
+.SH "NAME"
+\fBgit\-secret\-init\fR \- initializes git\-secret repository\.
+.
+.SH "SYNOPSIS"
+\fBgit\-secret\-init\fR \- creates \fB\.gitsecret\fR directory\.
+.
+.SH "DESCRIPTION"
+\fBgit\-secret\-init\fR should be runned inside a \fBgit\fR repo\. \fBgit\-secret\-init\fR is the first command to be runned, until the git\-secret repository is inited other commands are unavailable\.
+.
+.SH "SEE ALSO"
+git\-init(1), git\-secret\-tell(1)

man/man1/git-secret-init.1.ronn

@@ -0,0 +1,14 @@
+git-secret-init - initializes git-secret repository.
+====================================================
+
+## SYNOPSIS
+`git-secret-init` - creates `.gitsecret` directory.
+
+
+## DESCRIPTION
+`git-secret-init` should be runned inside a `git` repo. `git-secret-init` is the first command to be runned, until the git-secret repository is inited other commands are unavailable.
+
+
+## SEE ALSO
+
+git-init(1), git-secret-tell(1)

man/man1/git-secret-reveal.1

@@ -0,0 +1,26 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "GIT\-SECRET\-REVEAL" "1" "February 2016" "" ""
+.
+.SH "NAME"
+\fBgit\-secret\-reveal\fR \- decrypts all added files\.
+.
+.SH "SYNOPSIS"
+\fBgit\-secret\-reveal\fR \- uses a \fBgpg\fR\'s \fB\-\-decrypt\fR to decrypt files with the user\'s secret key, which is store somewhere outside the \fBgit\-secret\fR repo\.
+.
+.SH "DESCRIPTION"
+\fBgit\-secret\-reveal\fR \- decrypts all the files in the \fB\.gitsecret/paths/mapping\.cfg\fR by running a \fBgpg \-\-decrypt\fR command\. It is important to have paired secret\-key for one of the public\-keys, which were used in the encryption\.
+.
+.SH "OPTIONS"
+.
+.nf
+
+\-d  \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\.
+\-p  \- specifies password for noinput mode, adds `\-\-passphrase` option for `gpg`\.
+\-h  \- shows help\.
+.
+.fi
+.
+.SH "SEE ALSO"
+git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-hide(1)

man/man1/git-secret-reveal.1.ronn

@@ -0,0 +1,21 @@
+git-secret-reveal - decrypts all added files.
+=============================================
+
+## SYNOPSIS
+`git-secret-reveal` - uses a `gpg`'s `--decrypt` to decrypt files with the user's secret key, which is store somewhere outside the `git-secret` repo.
+
+
+## DESCRIPTION
+`git-secret-reveal` - decrypts all the files in the `.gitsecret/paths/mapping.cfg` by running a `gpg --decrypt` command. It is important to have paired secret-key for one of the public-keys, which were used in the encryption.
+
+
+## OPTIONS
+
+    -d  - specifies `--homedir` option for the `gpg`, basically use this option if your store your keys in a custom location.
+    -p  - specifies password for noinput mode, adds `--passphrase` option for `gpg`.
+    -h  - shows help.
+
+
+## SEE ALSO
+
+git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-hide(1)

man/man1/git-secret-tell.1

@@ -0,0 +1,29 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "GIT\-SECRET\-TELL" "1" "February 2016" "" ""
+.
+.SH "NAME"
+\fBgit\-secret\-tell\fR \- adds a person, who can access a private data\.
+.
+.SH "SYNOPSIS"
+\fBgit\-secret\-tell\fR \- adds a person\'s key into the keychain, who can encrypt and decrypt all the secret files\.
+.
+.SH "DESCRIPTION"
+\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then import a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. Since this moment this person can encrypt new files with the keyring which contains his key\. But he cannot decrypt the old files, which were already encrypted without his key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\.
+.
+.P
+\fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyway, it won\'t work with any of the secret\-keys imported\.
+.
+.SH "OPTIONS"
+.
+.nf
+
+\-m  \- takes your current `git config user\.email` as an identifier for the key\.
+\-d  \- specifies `\-\-homedir` option for the `gpg`, basically use this option if your store your keys in a custom location\.
+\-h  \- shows help\.
+.
+.fi
+.
+.SH "SEE ALSO"
+git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1)

man/man1/git-secret-tell.1.ronn

@@ -0,0 +1,23 @@
+git-secret-tell - adds a person, who can access a private data.
+===============================================================
+
+## SYNOPSIS
+`git-secret-tell` - adds a person's key into the keychain, who can encrypt and decrypt all the secret files.
+
+
+## DESCRIPTION
+`git-secret-tell` receives an email address as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by this email, then import a person's public key into the `git-secret`'s inner keychain. Since this moment this person can encrypt new files with the keyring which contains his key. But he cannot decrypt the old files, which were already encrypted without his key. They should be reencrypted with the new keyring by someone, who has the unencrypted files.
+
+**Do not manually import secret key into `git-secret`**. Anyway, it won't work with any of the secret-keys imported.
+
+
+## OPTIONS
+
+    -m  - takes your current `git config user.email` as an identifier for the key.
+    -d  - specifies `--homedir` option for the `gpg`, basically use this option if your store your keys in a custom location.
+    -h  - shows help.
+
+
+## SEE ALSO
+
+git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1)

src/commands/git_secret_hide.sh

@@ -5,7 +5,7 @@ function _show_help_hide {
   echo "usage: git secret hide"
   echo "encrypts all the files added by the 'add' command."
   echo
-  echo "  -c        clean files before creating new ones."
+  echo "  -c        deletes encrypted files before creating new ones."
   echo "  -v        shows which files are deleted."
   exit 0
 }
@@ -35,6 +35,8 @@ function _optional_clean {
   shift $((OPTIND-1))
   [ "$1" = "--" ] && shift
 
+  _user_required
+
   if [[ $clean -eq 1 ]]; then
     clean ${opt_string}
   fi
@@ -42,15 +44,13 @@ function _optional_clean {
 
 
 function hide {
-  _user_required
-
   _optional_clean $@
 
   local counter=0
   while read line; do
     local encrypted_filename=$(_get_encrypted_filename $line)
 
-    local recipients=$($GPGLOCAL --list-keys | sed -n 's/.*<\(.*\)>.*/-r\1/p')
+    local recipients=$($GPGLOCAL --list-public-keys | sed -n 's/.*<\(.*\)>.*/-r\1/p')
     $GPGLOCAL --use-agent --yes --trust-model=always --encrypt $recipients -o "$encrypted_filename" "$line"
 
     counter=$((counter+1))

src/commands/git_secret_reveal.sh

@@ -6,12 +6,12 @@ function _show_help_reveal {
   echo "unencrypts all the files added by the 'add' command."
   echo
   echo "  -d        specifies --homedir option for gpg."
+  echo "  -p        specifies password for noinput mode, adds --passphrase option for gpg."
   exit 0
 }
 
 
 function reveal {
-  _user_required
 
   OPTIND=1
   local homedir=""
@@ -36,6 +36,8 @@ function reveal {
   shift $((OPTIND-1))
   [ "$1" = "--" ] && shift
 
+   _user_required
+
   local counter=0
   while read line; do
     local encrypted_filename=$(_get_encrypted_filename "$line")

src/commands/git_secret_tell.sh

@@ -21,8 +21,6 @@ function tell {
 
         if [[ -z $email ]]; then
           _abort "empty email for current git user."
-        else
-          echo "$email is not empty"
         fi
       ;;
 
@@ -63,6 +61,5 @@ function tell {
   # Importing public key to the local keychain:
   $GPGLOCAL --import "$keyfile" > /dev/null 2>&1
 
-  echo
   echo "done. $email added as a person who knows the secret."
 }

src/main.sh

@@ -1,10 +1,5 @@
 #!/usr/bin/env bash
 
-# encryption: https://www.gnupg.org/gph/en/manual.html#AEN111
-# git hooks: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
-# adding files to git on pre_commit hook:
-# http://stackoverflow.com/questions/3284292/can-a-git-hook-automatically-add-files-to-the-commit
-
 
 function _check_setup {
   # Checking git and secret-plugin setup: