diff --git a/.ci/script.sh b/.ci/script.sh index 3a441376..4dc6473d 100644 --- a/.ci/script.sh +++ b/.ci/script.sh @@ -15,7 +15,7 @@ if [[ ! -z "$DOCKER_DIST" ]]; then fi # Local builds: -if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "brew" ]]; then +if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "none" ]]; then # Only running `make test` on standard (non-docker) build, # since it is called inside the docker container anyway. make test @@ -24,7 +24,5 @@ fi if [[ ! -z "$(command -v shellcheck)" ]]; then # This means, that `shellcheck` does exist, so run it: echo 'running lint' - find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} - # TODO: add tests to lint - # see: https://github.com/koalaman/shellcheck/issues/709 + make lint fi diff --git a/.docker/deb/debian/Dockerfile b/.docker/deb/debian/Dockerfile index 1ea5e015..e3d9916f 100644 --- a/.docker/deb/debian/Dockerfile +++ b/.docker/deb/debian/Dockerfile @@ -7,12 +7,12 @@ MAINTAINER Nikita Sobolev (mail@sobolevn.me) RUN apt-get update && \ apt-get install -y man make git apt-transport-https && \ apt-get install -y ruby ruby-dev ruby-build && \ - apt-get autoremove && apt-get autoclean + apt-get autoremove && apt-get autoclean && \ + mkdir /code # This will increase the container size, but speed up the build, # since this part will change, while the dependencies won't: -RUN mkdir /code WORKDIR /code # Removing `origin` for good: diff --git a/.docker/rpm/centos/Dockerfile b/.docker/rpm/centos/Dockerfile new file mode 100644 index 00000000..630aff04 --- /dev/null +++ b/.docker/rpm/centos/Dockerfile 
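Review bot: In `.docker/deb/debian/Dockerfile`, `apt-get autoremove` runs without `-y`, so if it ever has packages to remove it will presumably stop for confirmation and abort in a non-interactive build, and the `mkdir /code` now chained behind it would never run; use `apt-get autoremove -y && apt-get autoclean`. The appended `mkdir /code` is also unnecessary, because the `WORKDIR /code` that follows creates the directory. The two `apt-get install -y` calls could add `--no-install-recommends` to keep tools nobody asked for out of the build image. The Dockerfile continues past the end of this hunk.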
@@ -0,0 +1,26 @@ +FROM centos:latest + +MAINTAINER Nikita Sobolev (mail@sobolevn.me) + +ENV HOME /root + +RUN yum update -y && \ + yum install -y epel-release && \ + yum install -y dnf && \ + dnf update -y && \ + rpm -U "http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm" && \ + dnf install -y gnupg man make gcc git tar > /dev/null && \ + dnf install -y which pciutils redhat-rpm-config rpm-build zlib-devel && \ + dnf -y group install 'Development tools' && \ + dnf install -y ruby ruby-devel rubygems && \ + dnf -y autoremove && \ + mkdir /code + +WORKDIR /code + +# Removing `origin` for good: + +RUN git clone -q https://github.com/sobolevn/git-secret.git && \ + cd git-secret && git remote rm origin + +WORKDIR /code/git-secret diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 09ffc9cd..3e52bc69 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -18,7 +18,6 @@ Any logs, error output, etc? ---------------------------- (If it’s long, please paste to https://ghostbin.com/ and insert the link here.) - Any other comments? ------------------- … diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 37f0a84d..e2f37725 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -15,7 +15,6 @@ Does this close any currently open issues? ------------------------------------------ … - Any relevant logs, error output, etc? ------------------------------------- (If it’s long, please paste to https://ghostbin.com/ and insert the link here.) @@ -23,11 +22,3 @@ Any relevant logs, error output, etc? Any other comments? ------------------- … - -Where has this been tested? ---------------------------- -**Operating system:** … - -**`git-secret` version:** … - -**Shell type and version:** … diff --git a/.gitignore b/.gitignore index 6eff042b..309b6085 100644 --- a/.gitignore +++ b/.gitignore @@ -133,4 +133,3 @@ temp/ build/ *.deb *.fpm -test.txt 
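Review bot: In `.docker/rpm/centos/Dockerfile`, `rpm -U "http://opensource.wandisco.com/…"` installs a repository-release package fetched over plain HTTP, and nothing visible in this RUN verifies it, so whoever can alter that response decides which repository the later `dnf install … git` trusts inside the CI image. Download the file, check it against a digest recorded after reviewing the package, and install the local copy, as sketched below (the digest is a placeholder). Separately, `FROM centos:latest` floats while the URL hard-codes `centos/7`; `FROM centos:7`, ideally with a digest, keeps the two in step. The `> /dev/null` on the first `dnf install` also hides the output you would want when that step fails.

```dockerfile
RUN yum update -y && \
    # … unchanged: epel-release, dnf, dnf update …
    curl -fsSLo /tmp/wandisco-git-release.rpm \
      "http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm" && \
    echo "<SHA256_OF_REVIEWED_RPM>  /tmp/wandisco-git-release.rpm" | sha256sum -c - && \
    rpm -U /tmp/wandisco-git-release.rpm && \
    rm -f /tmp/wandisco-git-release.rpm && \
    # … unchanged: dnf install steps, autoremove, mkdir /code …
```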
diff --git a/.travis.yml b/.travis.yml index fb99efa4..38cb4b9c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -39,10 +39,6 @@ matrix: - debian-sid packages: - shellcheck - - os: osx - env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg" - sudo: false - language: generic - os: osx env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2" sudo: false diff --git a/CHANGELOG.md b/CHANGELOG.md index 0202a7d9..cb48f190 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Changelog +## Version 0.2.2 + +- Change how the `usage` command works (#48) +- Now `git-secret` works from any place inside `git-tree` (#56) +- Added `-d` option to the `hide` coomand: it deletes unencrypted files (#62) +- Added new command `changes` to see the diff between the secret files (#64) +- Fixed bug when `_user_required` was not working after reimporting keys (#74) +- Now it is possible to provide multiple emails to the `killperson` command (#73) +- Now it is possible to provide multiple emails to the `tell` command (#72) +- Now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website (#71) +- Now installation section is removed from main `man` file (#70) +- Now "See also" section in the `man`s are clickable (#69) +- Added "Manual" section to the manuals (#61) +- Added `centos` container for `ci` testing (#38) +- Tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases (#52) +- Refactored `hide` and `clean` commands to be shorter +- `shellcheck` is now supported with `make lint` + + ## Version 0.2.1 - Now everything is tested inside the `docker`-containers and `OSX` images on `travis`. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c94d6f74..bf9806f1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -28,10 +28,10 @@ Only required if dealing with manuals, `gh-pages` or releases: 1. Firstly, you will need to setup development hooks with `make install-hooks` 2. Make changes to the files that need to be changed 3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command -4. Run [`shellcheck`][shellcheck] against all your changes with `find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}` +4. Run [`shellcheck`][shellcheck] against all your changes with `make lint` 5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work 6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail -7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request +7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request, it will be merge into one anyways ### Branches @@ -55,7 +55,7 @@ CI is done with the help of `travis`. `travis` handles multiple environments: ### Release process -The release process is defined in the `git`-hooks and `.travis.yml`. +The release process is defined in the `git`-hooks and `.travis.yml`. When creating a commit inside the `staging` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`) it will trigger two main events. 
@@ -88,6 +88,6 @@ Releases to `brew` are made manually. [tracker]: https://github.com/sobolevn/git-secret/issues [help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22 [shellcheck]: https://github.com/koalaman/shellcheck -[git-secret-site]: https://sobolevn.github.io/git-secret/ +[git-secret-site]: http://git-secret.io [bintray]: https://bintray.com/sobolevn [Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/ diff --git a/Makefile b/Makefile index 5ce122e8..f2d7dd2b 100644 --- a/Makefile +++ b/Makefile @@ -53,9 +53,13 @@ test: install-test clean build install-ronn: @if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi +.PHONY: clean-man +clean-man: + @find "man/" -type f ! -name "*.ronn" -delete + .PHONY: build-man -build-man: install-ronn - @ronn --roff man/*/*.ronn +build-man: install-ronn clean-man + @ronn --roff --organization="sobolevn" --manual="git-secret" man/*/*.ronn .PHONY: build-gh-pages build-gh-pages: @@ -76,6 +80,10 @@ install-hooks: .PHONY: develop develop: clean build install-hooks +.PHONY: lint +lint: + @find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {} + # # Packaging: # diff --git a/README.md b/README.md index ca3afffd..6cdf6e7a 100644 --- a/README.md +++ b/README.md 
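Review bot: The new `lint` target in `Makefile` loses the note that the inline command removed from `.ci/script.sh` carried, so nothing in the tree records any more that the test scripts are not linted. Add `# TODO: add tests to lint, see: https://github.com/koalaman/shellcheck/issues/709` above `lint:` so the gap stays visible where the command now lives.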
@@ -2,11 +2,11 @@ [![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/) -[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://sobolevn.github.io/git-secret/) +[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/) ## What is `git-secret`? -`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, re-encrypt the files, and he won’t be able to decrypt secrets anymore. +`git-secret` is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they won’t be able to decrypt secrets anymore. ## Preview 
@@ -14,11 +14,11 @@ ## Usage -See the [git-secret site](https://sobolevn.github.io/git-secret/). +See the [git-secret site](http://git-secret.io/). ## Installation -See the [installation section](https://sobolevn.github.io/git-secret/#installation). +See the [installation section](http://git-secret.io/#installation). ## Contributing @@ -34,4 +34,4 @@ MIT. See [LICENSE.md](LICENSE.md) for details. ## Thanks -Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.al/) for the awesome logo. +Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo. diff --git a/git-secret.plugin.zsh b/git-secret.plugin.zsh index 61977e1f..824a57be 100644 --- a/git-secret.plugin.zsh +++ b/git-secret.plugin.zsh @@ -2,11 +2,7 @@ # Copyright 2016 Sobolev Nikita # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 +# Licensed under the MIT License # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/man/man1/git-secret-add.1 b/man/man1/git-secret-add.1 index 313253bc..073525df 100644 --- a/man/man1/git-secret-add.1 +++ b/man/man1/git-secret-add.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-ADD" "1" "May 2016" "" "" +.TH "GIT\-SECRET\-ADD" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-add\fR \- starts to track added files\. 
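Review bot: The header of `git-secret.plugin.zsh` now says "Licensed under the MIT License", but the context lines after it still carry the Apache 2.0 disclaimer ("Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS"), which refers to a licence text the file no longer names. Replace that remaining paragraph with a pointer such as `# See LICENSE.md for details.` so the header matches the README's "MIT. See LICENSE.md for details." The rest of the header comment lies outside this hunk.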
@@ -32,5 +32,8 @@ It is not recommened to add filenames directly into the \fB\.gitsecret/paths/map . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-add\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-add.1.ronn b/man/man1/git-secret-add.1.ronn index 0ba41f3e..3f182027 100644 --- a/man/man1/git-secret-add.1.ronn +++ b/man/man1/git-secret-add.1.ronn @@ -20,6 +20,11 @@ It is not recommened to add filenames directly into the `.gitsecret/paths/mappin -h - shows this help. +## MANUAL + +Run `man git-secret-add` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-changes.1 b/man/man1/git-secret-changes.1 index eee5f776..c57aaefc 100644 --- a/man/man1/git-secret-changes.1 +++ b/man/man1/git-secret-changes.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CHANGES" "1" "May 2016" "" "" +.TH "GIT\-SECRET\-CHANGES" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-changes\fR \- view diff of the hidden files\. 
@@ -10,12 +10,12 @@ . .nf -git secret changes [\-h] [\-d dir] [\-p password] \.\.\. +git secret changes [\-h] [\-d dir] [\-p password] [pathspec]\.\.\. . .fi . .SH "DESCRIPTION" -\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. +\fBgit\-secret\-changes\fR \- shows changes between the current version of hidden files and the ones already commited\. You can provide any number of files to this command as arguments, so it will show changes for these files only\. If no arguments are provided \- information about all files will be shown\. . .SH "OPTIONS" . @@ -27,5 +27,8 @@ git secret changes [\-h] [\-d dir] [\-p password] \.\.\. . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-changes\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-add(1), git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-changes.1.ronn b/man/man1/git-secret-changes.1.ronn index 2aa1b36b..d0a75983 100644 --- a/man/man1/git-secret-changes.1.ronn +++ b/man/man1/git-secret-changes.1.ronn @@ -3,11 +3,11 @@ git-secret-changes - view diff of the hidden files. ## SYNOPSIS - git secret changes [-h] [-d dir] [-p password] ... + git secret changes [-h] [-d dir] [-p password] [pathspec]... ## DESCRIPTION -`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. +`git-secret-changes` - shows changes between the current version of hidden files and the ones already commited. You can provide any number of files to this command as arguments, so it will show changes for these files only. If no arguments are provided - information about all files will be shown. ## OPTIONS 
@@ -17,6 +17,11 @@ git-secret-changes - view diff of the hidden files. -h - shows help. +## MANUAL + +Run `man git-secret-changes` to see this note. + + ## SEE ALSO -git-secret-add(1), git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-clean.1 b/man/man1/git-secret-clean.1 index 6de1440e..aa939ffc 100644 --- a/man/man1/git-secret-clean.1 +++ b/man/man1/git-secret-clean.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CLEAN" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-CLEAN" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-clean\fR \- removes all the hidden files\. @@ -26,5 +26,8 @@ git secret clean [\-v] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-clean\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-whoknows(1) \fIhttp://git\-secret\.io/git\-secret\-whoknows\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR diff --git a/man/man1/git-secret-clean.1.ronn b/man/man1/git-secret-clean.1.ronn index d7ef74e8..5d7ad07d 100644 --- a/man/man1/git-secret-clean.1.ronn +++ b/man/man1/git-secret-clean.1.ronn 
@@ -16,6 +16,11 @@ git-secret-clean - removes all the hidden files. -h - shows this help. +## MANUAL + +Run `man git-secret-clean` to see this note. + + ## SEE ALSO -git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index bf7e14f9..8e2764e5 100644 --- a/man/man1/git-secret-hide.1 +++ b/man/man1/git-secret-hide.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-HIDE" "1" "March 2016" "" "" +.TH "GIT\-SECRET\-HIDE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-hide\fR \- encrypts all added files with the inner keyring\. @@ -26,9 +26,13 @@ It is possible to modify the names of the encrypted files by setting \fBSECRETS_ \-v \- verbose, shows extra information\. \-c \- deletes encrypted files before creating new ones\. +\-d \- deletes unencrypted files after encryption\. \-h \- shows help\. . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-hide\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-reveal(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-hide.1.ronn b/man/man1/git-secret-hide.1.ronn index 30c3545c..a4bf455f 100644 --- a/man/man1/git-secret-hide.1.ronn +++ b/man/man1/git-secret-hide.1.ronn 
@@ -16,9 +16,15 @@ It is possible to modify the names of the encrypted files by setting `SECRETS_EX -v - verbose, shows extra information. -c - deletes encrypted files before creating new ones. + -d - deletes unencrypted files after encryption. -h - shows help. +## MANUAL + +Run `man git-secret-hide` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-reveal(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-init.1 b/man/man1/git-secret-init.1 index b9552171..62a2aed1 100644 --- a/man/man1/git-secret-init.1 +++ b/man/man1/git-secret-init.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-INIT" "1" "March 2016" "" "" +.TH "GIT\-SECRET\-INIT" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-init\fR \- initializes git\-secret repository\. @@ -25,5 +25,8 @@ git secret init . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-init\fR to see this note\. +. .SH "SEE ALSO" -git\-init(1), git\-secret\-tell(1) +git\-secret\-usage(1) \fIhttp://git\-secret\.io/git\-secret\-usage\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR diff --git a/man/man1/git-secret-init.1.ronn b/man/man1/git-secret-init.1.ronn index a9640389..e7416e4b 100644 --- a/man/man1/git-secret-init.1.ronn +++ b/man/man1/git-secret-init.1.ronn @@ -15,6 +15,11 @@ git-secret-init - initializes git-secret repository. -h - shows this help. +## MANUAL + +Run `man git-secret-init` to see this note. + + ## SEE ALSO -git-init(1), git-secret-tell(1) +[git-secret-usage(1)](http://git-secret.io/git-secret-usage), [git-secret-tell(1)](http://git-secret.io/git-secret-tell) 
diff --git a/man/man1/git-secret-killperson.1 b/man/man1/git-secret-killperson.1 index 4fe16d8e..d69ce6ae 100644 --- a/man/man1/git-secret-killperson.1 +++ b/man/man1/git-secret-killperson.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-KILLPERSON" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-KILLPERSON" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\. @@ -10,12 +10,12 @@ . .nf -git secret killperson [email] +git secret killperson \.\.\. . .fi . .SH "DESCRIPTION" -\fBgit\-secret\-killperson\fR makes it impossible for given user to decrypt the hidden file in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring\. +This command removes selected email addresses from the keyring\. \fBgit\-secret\-killperson\fR makes it impossible for given users to decrypt the hidden files in the future\. It is required to run \fBgit\-secret\-hide\fR once again with the updated keyring to renew the encryption\. . .SH "OPTIONS" . @@ -25,5 +25,8 @@ git secret killperson [email] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-killperson\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-tell(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-clean(1) \fIhttp://git\-secret\.io/git\-secret\-clean\fR diff --git a/man/man1/git-secret-killperson.1.ronn b/man/man1/git-secret-killperson.1.ronn index b3eee105..17b6cdd5 100644 --- a/man/man1/git-secret-killperson.1.ronn +++ b/man/man1/git-secret-killperson.1.ronn 
@@ -3,11 +3,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin ## SYNOPSIS - git secret killperson [email] + git secret killperson ... ## DESCRIPTION -`git-secret-killperson` makes it impossible for given user to decrypt the hidden file in the future. It is required to run `git-secret-hide` once again with the updated keyring. +This command removes selected email addresses from the keyring. `git-secret-killperson` makes it impossible for given users to decrypt the hidden files in the future. It is required to run `git-secret-hide` once again with the updated keyring to renew the encryption. ## OPTIONS @@ -15,6 +15,11 @@ git-secret-killperson - deletes key identified by an email from the inner keyrin -h - shows this help. +## MANUAL + +Run `man git-secret-killperson` to see this note. + + ## SEE ALSO -git-secret-tell(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-clean(1)](http://git-secret.io/git-secret-clean) diff --git a/man/man1/git-secret-list.1 b/man/man1/git-secret-list.1 index 8c07ad3b..0a4bc2d0 100644 --- a/man/man1/git-secret-list.1 +++ b/man/man1/git-secret-list.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-LIST" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-LIST" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-list\fR \- prints all the added files\. 
@@ -25,5 +25,8 @@ git secret list . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-list\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-whoknows(1), git\-secret\-add(1), git\-secret\-remove(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-whoknows(1) \fIhttp://git\-secret\.io/git\-secret\-whoknows\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-remove(1) \fIhttp://git\-secret\.io/git\-secret\-remove\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-list.1.ronn b/man/man1/git-secret-list.1.ronn index 9f988283..892380f7 100644 --- a/man/man1/git-secret-list.1.ronn +++ b/man/man1/git-secret-list.1.ronn @@ -15,6 +15,11 @@ git-secret-list - prints all the added files. -h - shows this help. +## MANUAL + +Run `man git-secret-list` to see this note. + + ## SEE ALSO -git-secret-whoknows(1), git-secret-add(1), git-secret-remove(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-whoknows(1)](http://git-secret.io/git-secret-whoknows), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-remove(1)](http://git-secret.io/git-secret-remove), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-remove.1 b/man/man1/git-secret-remove.1 index dcb7863a..863c09bf 100644 --- a/man/man1/git-secret-remove.1 +++ b/man/man1/git-secret-remove.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REMOVE" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-REMOVE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-remove\fR \- removes files from index\. @@ -10,7 +10,7 @@ . .nf -git secret remove [\-c] +git secret remove [\-c] \.\.\. . .fi . 
@@ -26,5 +26,8 @@ git secret remove [\-c] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-remove\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-add(1), git\-secret\-reveal(1), git\-secret\-hide(1) +git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-clean(1) \fIhttp://git\-secret\.io/git\-secret\-clean\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR diff --git a/man/man1/git-secret-remove.1.ronn b/man/man1/git-secret-remove.1.ronn index 1a720461..e865f09b 100644 --- a/man/man1/git-secret-remove.1.ronn +++ b/man/man1/git-secret-remove.1.ronn @@ -3,7 +3,7 @@ git-secret-remove - removes files from index. ## SYNOPSIS - git secret remove [-c] + git secret remove [-c] ... ## DESCRIPTION @@ -16,6 +16,11 @@ git-secret-remove - removes files from index. -h - shows help. +## MANUAL + +Run `man git-secret-remove` to see this note. + + ## SEE ALSO -git-secret-add(1), git-secret-reveal(1), git-secret-hide(1) +[git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-clean(1)](http://git-secret.io/git-secret-clean), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) diff --git a/man/man1/git-secret-reveal.1 b/man/man1/git-secret-reveal.1 index 1125954f..0c9a8675 100644 --- a/man/man1/git-secret-reveal.1 +++ b/man/man1/git-secret-reveal.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REVEAL" "1" "May 2016" "" "" +.TH "GIT\-SECRET\-REVEAL" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-reveal\fR \- decrypts all added files\. 
@@ -28,5 +28,8 @@ git secret reveal [\-f] [\-d dir] [\-p password] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-reveal\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-tell(1), git\-secret\-add(1), git\-secret\-hide(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR diff --git a/man/man1/git-secret-reveal.1.ronn b/man/man1/git-secret-reveal.1.ronn index 0c7c2bdf..0dcc6951 100644 --- a/man/man1/git-secret-reveal.1.ronn +++ b/man/man1/git-secret-reveal.1.ronn @@ -18,6 +18,11 @@ git-secret-reveal - decrypts all added files. -h - shows help. +## MANUAL + +Run `man git-secret-reveal` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-tell(1), git-secret-add(1), git-secret-hide(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide) diff --git a/man/man1/git-secret-tell.1 b/man/man1/git-secret-tell.1 index 9368e4f7..fe3b14b8 100644 --- a/man/man1/git-secret-tell.1 +++ b/man/man1/git-secret-tell.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-TELL" "1" "March 2016" "" "" +.TH "GIT\-SECRET\-TELL" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-tell\fR \- adds a person, who can access private data\. 
@@ -10,12 +10,12 @@ . .nf -git secret tell [\-m] [\-d dir] [email] +git secret tell [\-m] [\-d dir] [emails]\.\.\. . .fi . .SH "DESCRIPTION" -\fBgit\-secret\-tell\fR receives an email address as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by this email, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. +\fBgit\-secret\-tell\fR receives an email addresses as an input, searches for the \fBgpg\fR\-key in the \fBgpg\fR\'s \fBhomedir\fR by these emails, then imports a person\'s public key into the \fBgit\-secret\fR\'s inner keychain\. From this moment this person can encrypt new files with the keyring which contains their key\. But they cannot decrypt the old files, which were already encrypted without their key\. They should be reencrypted with the new keyring by someone, who has the unencrypted files\. . .P \fBDo not manually import secret key into \fBgit\-secret\fR\fR\. Anyways, it won\'t work with any of the secret\-keys imported\. @@ -30,5 +30,8 @@ git secret tell [\-m] [\-d dir] [email] . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-tell\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR, git\-secret\-killperson(1) \fIhttp://git\-secret\.io/git\-secret\-killperson\fR diff --git a/man/man1/git-secret-tell.1.ronn b/man/man1/git-secret-tell.1.ronn index e0576e7c..86c36672 100644 
--- a/man/man1/git-secret-tell.1.ronn +++ b/man/man1/git-secret-tell.1.ronn @@ -3,11 +3,11 @@ git-secret-tell - adds a person, who can access private data. ## SYNOPSIS - git secret tell [-m] [-d dir] [email] + git secret tell [-m] [-d dir] [emails]... ## DESCRIPTION -`git-secret-tell` receives an email address as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by this email, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files. +`git-secret-tell` receives an email addresses as an input, searches for the `gpg`-key in the `gpg`'s `homedir` by these emails, then imports a person's public key into the `git-secret`'s inner keychain. From this moment this person can encrypt new files with the keyring which contains their key. But they cannot decrypt the old files, which were already encrypted without their key. They should be reencrypted with the new keyring by someone, who has the unencrypted files. **Do not manually import secret key into `git-secret`**. Anyways, it won't work with any of the secret-keys imported. @@ -19,6 +19,11 @@ git-secret-tell - adds a person, who can access private data. -h - shows help. +## MANUAL + +Run `man git-secret-tell` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal), [git-secret-killperson(1)](http://git-secret.io/git-secret-killperson) 
diff --git a/man/man1/git-secret-usage.1 b/man/man1/git-secret-usage.1 index d6071a5c..5a7d2278 100644 --- a/man/man1/git-secret-usage.1 +++ b/man/man1/git-secret-usage.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-USAGE" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-USAGE" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-usage\fR \- prints all the available commands\. @@ -25,5 +25,8 @@ git secret usage . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-usage\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-init(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-init(1) \fIhttp://git\-secret\.io/git\-secret\-init\fR, git\-secret\-add(1) \fIhttp://git\-secret\.io/git\-secret\-add\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-usage.1.ronn b/man/man1/git-secret-usage.1.ronn index 3c469f97..50b6bb37 100644 --- a/man/man1/git-secret-usage.1.ronn +++ b/man/man1/git-secret-usage.1.ronn @@ -15,6 +15,11 @@ git-secret-usage - prints all the available commands. -h - shows this help. +## MANUAL + +Run `man git-secret-usage` to see this note. + + ## SEE ALSO -git-secret-init(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-add(1)](http://git-secret.io/git-secret-add), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man1/git-secret-whoknows.1 b/man/man1/git-secret-whoknows.1 index 3c4c3935..e532e29f 100644 --- a/man/man1/git-secret-whoknows.1 +++ b/man/man1/git-secret-whoknows.1 
@@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2016" "" "" +.TH "GIT\-SECRET\-WHOKNOWS" "1" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-whoknows\fR \- prints email\-labels for each key in the keyring\. @@ -25,5 +25,8 @@ git secret whoknows . .fi . +.SH "MANUAL" +Run \fBman git\-secret\-whoknows\fR to see this note\. +. .SH "SEE ALSO" -git\-secret\-list(1), git\-secret\-add(1), git\-secret\-hide(1), git\-secret\-reveal(1) +git\-secret\-list(1) \fIhttp://git\-secret\.io/git\-secret\-list\fR, git\-secret\-tell(1) \fIhttp://git\-secret\.io/git\-secret\-tell\fR, git\-secret\-hide(1) \fIhttp://git\-secret\.io/git\-secret\-hide\fR, git\-secret\-reveal(1) \fIhttp://git\-secret\.io/git\-secret\-reveal\fR diff --git a/man/man1/git-secret-whoknows.1.ronn b/man/man1/git-secret-whoknows.1.ronn index f3d1ff8e..ab1b2bec 100644 --- a/man/man1/git-secret-whoknows.1.ronn +++ b/man/man1/git-secret-whoknows.1.ronn @@ -15,6 +15,11 @@ git-secret-whoknows - prints email-labels for each key in the keyring. -h - shows this help. +## MANUAL + +Run `man git-secret-whoknows` to see this note. + + ## SEE ALSO -git-secret-list(1), git-secret-add(1), git-secret-hide(1), git-secret-reveal(1) +[git-secret-list(1)](http://git-secret.io/git-secret-list), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal) diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 2e4166d9..39f54b09 100644 --- a/man/man7/git-secret.7 +++ b/man/man7/git-secret.7 
@@ -1,137 +1,11 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET" "7" "July 2016" "" "" +.TH "GIT\-SECRET" "7" "February 2017" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\fR . -.SH "Content" -. -.IP "1." 4 -\fIIntro\fR -. -.IP "2." 4 -\fIInstallation\fR -. -.IP "3." 4 -\fIUsage\fR -. -.IP "4." 4 -\fIConfiguration\fR -. -.IP "" 0 -. -.SH "Intro" -There\'s a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret\-keys, OAuth secret keys and so on, outside of the git repository\. Even if this repository is private, it is a security risk to just publish them into the world wide web\. What are the drawbacks of storing them separately? -. -.IP "1." 4 -These files are not version controlled\. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed\. And you can not tell for sure which version of the configuration file was used with each commit\. -. -.IP "2." 4 -When building the automated deployment system there will be one extra step: download and place these secret\-configuration files where they need to be\. So you have to maintain an extra secure server, where everything is stored\. -. -.IP "" 0 -. -.SS "How does git\-secret solve these problems?" -. -.IP "1." 4 -\fBgit\-secret\fR encrypts files and stores them inside the \fBgit\fR repository, so you will have all the changes for every commit\. -. -.IP "2." 4 -\fBgit\-secret\fR doesn\'t require any other deploy operations rather than \fBgit secret reveal\fR, so it will automatically decrypt all the required files\. -. -.IP "" 0 -. -.SS "What is git\-secret?" -\fBgit\-secret\fR is a bash tool to store your private data inside a \fBgit\fR repo\. How\'s that? Basically, it just encrypts, using \fBgpg\fR, the tracked files with the public keys of all the users that you trust\. 
So everyone of them can decrypt these files using only their personal secret key\. Why deal with all this private\-public keys stuff? Well, to make it easier for everyone to manage access rights\. There are no passwords that change\. When someone is out \- just delete his public key, reencrypt the files, and he won\'t be able to decrypt secrets anymore\. -. -.SH "Installation" -. -.SS "Dependencies" -\fBgit\-secret\fR relies on two dependencies: \fBgit\fR \fIhttps://git\-scm\.com/\fR and \fBgpg\fR \fIhttps://www\.gnupg\.org/\fR\. Download and install them before using this project\. \fBgit\-secret\fR is tested to work with: -. -.IP "" 4 -. -.nf - -git version 2\.7\.0 -gpg (GnuPG) 1\.4\.20 -. -.fi -. -.IP "" 0 -. -.SS "Supported platforms" -\fBgit\-secret\fR works with \fBMac OS X\fR >= 10\.9, \fBUbuntu\fR >= 14\.04 and \fBDebian\fR >= 8\.3 You can add your platform to this list, if all the tests pass for you\. \fBCygwin\fR support is planned\. -. -.SS "Installation process" -There are several ways to install \fBgit\-secret\fR: -. -.P -\fB\fBHomebrew\fR\fR -. -.IP "1." 4 -Run \fBbrew install git\-secret\fR\. That will do\. Also, there are two options: -. -.IP "2." 4 -\fB\-\-without\-gpg\fR to build without \fBgpg\fR support -. -.IP "3." 4 -\fB\-\-HEAD\fR to install \fBHEAD\fR version -. -.IP "4." 4 -Note, that we have migrated from \fBtap\fR to the official \fBbrew\fR repo -. -.IP "" 0 -. -.P -\fB\fB\fBdeb\fR package\fR\fR -. -.IP "1." 4 -Run \fBecho "deb https://dl\.bintray\.com/sobolevn/deb git\-secret stable" | sudo tee \-a /etc/apt/sources\.list\fR -. -.IP "2." 4 -Run \fBsudo apt\-get install git\-secret\fR -. -.IP "" 0 -. -.P -\fB\fB\fBrpm\fR package\fR\fR -. -.IP "1." 4 -Run \fBwget https://bintray\.com/sobolevn/rpm/rpm \-O bintray\-sobolevn\-rpm\.repo && sudo mv bintray\-sobolevn\-rpm\.repo /etc/yum\.repos\.d/\fR -. -.IP "2." 4 -Run \fBsudo yum install git\-secret\fR -. -.IP "" 0 -. -.P -\fB\fBManual\fR\fR -. -.IP "1." 
4 -Clone the repository first: \fBgit clone https://github\.com/sobolevn/git\-secret\.git git\-secret\fR -. -.IP "2." 4 -Run \fBcd git\-secret && make build\fR -. -.IP "3." 4 -Run \fBPREFIX="/usr/local" make install\fR, note that you can install to any prefix in your \fBPATH\fR -. -.IP "" 0 -. -.P -\fB\fB\fBantigen\fR plugin (or any other \fBoh\-my\-zsh\fR\-styled plugin\-systems)\fR\fR -. -.IP "1." 4 -Add line \fBantigen bundle sobolevn/git\-secret\fR to your \fB~/\.zshrc\fR -. -.IP "2." 4 -Run \fBsource ~/\.zshrc\fR or reopen the terminal -. -.IP "" 0 -. .SH "Usage" These steps cover the basic process of using \fBgit\-secret\fR: . diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index f4618ebc..ec04aae3 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn 
@@ -1,80 +1,3 @@ -## Content - -1. [Intro](#intro) -2. [Installation](#installation) -3. [Usage](#usage) -4. [Configuration](#configuration) - -## Intro - -There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately? - -1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit. -2. When building the automated deployment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored. - -### How does `git-secret` solve these problems? - -1. `git-secret` encrypts files and stores them inside the `git` repository, so you will have all the changes for every commit. -2. `git-secret` doesn't require any other deploy operations rather than `git secret reveal`, so it will automatically decrypt all the required files. - -### What is `git-secret`? - -`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore. 
- -## Installation - -### Dependencies - -`git-secret` relies on two dependencies: [`git`][1] and [`gpg`][2]. Download and install them before using this project. `git-secret` is tested to work with: - - git version 2.7.0 - gpg (GnuPG) 1.4.20 - -### Supported platforms - -`git-secret` works with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04 and `Debian` >= 8.3 -You can add your platform to this list, if all the tests pass for you. -`Cygwin` support is planned. - -### Installation process - -There are several ways to install `git-secret`: - -**** Homebrew **** - -1. Run `brew install git-secret`. That will do. Also, there are two options: - * `--without-gpg` to build without `gpg` support - * `--HEAD` to install `HEAD` version -2. Note, that we have migrated from `tap` to the official `brew` repo - -**** `deb` package **** - -You can find the `deb` repository [here](https://bintray.com/sobolevn/deb/git-secret). - -0. Pre-requirements: make sure you have installed `apt-transport-https` -1. Run `echo "deb https://dl.bintray.com/sobolevn/deb git-secret main" | sudo tee -a /etc/apt/sources.list` -2. Add the release key: `wget -qO - https://api.bintray.com/users/sobolevn/keys/gpg/public.key | sudo apt-key add -` -3. Run `sudo apt-get update && sudo apt-get install git-secret` - -**** `rpm` package **** - -You can find the `rpm` repository [here](https://bintray.com/sobolevn/rpm/git-secret). - -1. Run `wget https://bintray.com/sobolevn/rpm/rpm -O bintray-sobolevn-rpm.repo && sudo mv bintray-sobolevn-rpm.repo /etc/yum.repos.d/` -2. Run `sudo yum install git-secret` - -**** Manual **** - -1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` -2. Run `cd git-secret && make build` -3. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH` - -**** `antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems) **** - -1. Add line `antigen bundle sobolevn/git-secret` to your `~/.zshrc` -2. 
Run `source ~/.zshrc` or reopen the terminal - - ## Usage These steps cover the basic process of using `git-secret`: @@ -100,6 +23,3 @@ These settings are available to be changed: * `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`. * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension. - -[1]: https://git-scm.com/ -[2]: https://www.gnupg.org/ diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index b574bbfc..d605c021 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -21,15 +21,15 @@ SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg" # shellcheck disable GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning" -# Inner bash : +# Inner bash: function _function_exists { - declare -f -F "$1" > /dev/null + declare -f -F "$1" > /dev/null 2>&1 echo $? } -# OS based : +# OS based: function _os_based { # Pass function name as first parameter. @@ -57,7 +57,7 @@ function _os_based { } -# File System : +# File System: function _set_config { # First parameter is the KEY, second is VALUE, third is filename. @@ -125,10 +125,10 @@ function _show_manual_for { } -# VCS : +# VCS: function _check_ignore { - git check-ignore -q "$1"; + git check-ignore --no-index -q "$1"; echo $? } 
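Review bot: With `--no-index`, `_check_ignore` answers from the ignore patterns alone, so a file that git already tracks but that is also listed in `.gitignore` is now reported as ignored. The callers are outside this hunk, but if they rely on this check to keep plaintext out of the repository, such a file would pass while git keeps committing its unencrypted contents. Consider pairing it with a tracked-file test such as `git ls-files --error-unmatch "$1" > /dev/null 2>&1`, and abort or warn when that succeeds.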
@@ -142,17 +142,68 @@ function _add_ignored_file { } -# Logic : +function _is_inside_git_tree { + git rev-parse --is-inside-work-tree >/dev/null 2>&1 + echo $? +} + + +function _get_git_root_path { + # We need this function to get the location of the `.git` folder, + # since `.gitsecret` must be on the same level. + local result + result=$(git rev-parse --show-toplevel) + echo "$result" +} + + +# Logic: function _abort { >&2 echo "$1 abort." exit 1 } +function _find_and_clean { + # required: + local pattern="$1" # can be any string pattern + + # optional: + local verbose=${2:-""} # can be empty or should be equal to "v" + + # shellcheck disable=2086 + find . -name "$pattern" -type f -print0 | xargs -0 rm -f$verbose +} + + +function _find_and_clean_formated { + # required: + local pattern="$1" # can be any string pattern + + # optional: + local verbose=${2:-""} # can be empty or should be equal to "v" + local message=${3:-"cleaning:"} # can be any string + + if [[ ! -z "$verbose" ]]; then + echo && echo "$message" + fi + + _find_and_clean "$pattern" "$verbose" + + if [[ ! -z "$verbose" ]]; then + echo + fi +} + function _secrets_dir_exists { - if [[ ! -d "$SECRETS_DIR" ]]; then - _abort "$SECRETS_DIR does not exist." + local root_path + root_path=$(_get_git_root_path) + + local full_path="$root_path/$SECRETS_DIR" + + if [[ ! -d "$full_path" ]]; then + _abort "$full_path does not exist." fi } @@ -166,7 +217,7 @@ function _user_required { fi local keys_exist - keys_exist=$($GPGLOCAL -n --list-keys --with-colon) + keys_exist=$($GPGLOCAL -n --list-keys) if [[ -z "$keys_exist" ]]; then _abort "$error_message" fi @@ -228,8 +279,8 @@ function _decrypt { if [[ ! -z "$passphrase" ]]; then echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \ - "$encrypted_filename" + "$encrypted_filename" > /dev/null 2>&1 else - $base "$encrypted_filename" + $base "$encrypted_filename" > /dev/null 2>&1 fi } 
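Review bot: In `_find_and_clean`, `$verbose` is spliced unquoted into `rm -f$verbose` with the shellcheck warning disabled, and nothing enforces the comment's "empty or v" contract. Any other value a caller passes becomes extra `rm` flags or arguments. A guard at the top of the function makes the contract real: `[[ -z "$verbose" || "$verbose" == "v" ]] || _abort "invalid verbose flag: $verbose."`. With that in place the expansion can be written as `rm -f"$verbose"` and the shellcheck suppression dropped.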
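Review bot: Sending both streams of the gpg call in `_decrypt` to `/dev/null` hides every decryption failure (wrong key, bad passphrase, missing file) from the user, and it discards the plaintext whenever `$base` has no output-file option. `_decrypt` starts outside this hunk, so how `$base` is built is not visible here; if any caller reads the decrypted text from stdout, it now receives nothing. Keep stdout untouched and report failures explicitly, e.g. `$base "$encrypted_filename" || _abort "cannot decrypt $encrypted_filename."`, silencing at most the informational stderr noise.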
diff --git a/src/commands/git_secret_add.sh b/src/commands/git_secret_add.sh index 29da19d1..8c04fc15 100644 --- a/src/commands/git_secret_add.sh +++ b/src/commands/git_secret_add.sh @@ -8,7 +8,8 @@ function add { while getopts "ih" opt; do case "$opt" in i) auto_add=1;; - h) _show_manaul_for "add";; + + h) _show_manual_for "add";; esac done diff --git a/src/commands/git_secret_changes.sh b/src/commands/git_secret_changes.sh index b669cda9..2d9f8330 100644 --- a/src/commands/git_secret_changes.sh +++ b/src/commands/git_secret_changes.sh @@ -18,14 +18,17 @@ function changes { shift $((OPTIND-1)) [ "$1" = '--' ] && shift - local filenames="$1" - if [[ -z "$filenames" ]]; then + _user_required + + local filenames="$*" + if [[ -z $filenames ]]; then # Checking if no filenames are passed, show diff for all files. filenames=$(git secret list) fi IFS=' ' + for filename in $filenames; do local decrypted local content diff --git a/src/commands/git_secret_clean.sh b/src/commands/git_secret_clean.sh index 7068a05a..09f6653a 100644 --- a/src/commands/git_secret_clean.sh +++ b/src/commands/git_secret_clean.sh @@ -17,14 +17,8 @@ function clean { shift $((OPTIND-1)) [ "$1" = '--' ] && shift - if [[ ! -z "$verbose" ]]; then - echo && echo 'cleaing:' - fi - - find . -name "*$SECRETS_EXTENSION" -type f -print0 | xargs rm -f$verbose - - if [[ ! -z "$verbose" ]]; then - echo - fi + _user_required + # User should see properly formated output: + _find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose" } diff --git a/src/commands/git_secret_hide.sh b/src/commands/git_secret_hide.sh index ec781bc7..effcacc7 100644 --- a/src/commands/git_secret_hide.sh +++ b/src/commands/git_secret_hide.sh 
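Review bot: In `changes`, `local filenames="$*"` flattens the arguments into one string that the unquoted `for filename in $filenames` re-splits on `IFS`, so a path containing whitespace is broken into pieces. Depending on the `IFS` value assigned just above the loop, several arguments may instead stay glued together as one name. Keeping the arguments as an array avoids both problems: `local filenames=( "$@" )` and `for filename in "${filenames[@]}"`, filling the array from `git secret list` when it is empty. The loop body continues outside the hunk.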
@@ -2,33 +2,66 @@ function _optional_clean { - OPTIND=1 + local clean="$1" + local verbose=${2:-""} + + if [[ $clean -eq 1 ]]; then + _find_and_clean_formated "*$SECRETS_EXTENSION" "$verbose" + fi +} + + +function _optional_delete { + local delete="$1" + local verbose=${2:-""} + + if [[ $delete -eq 1 ]]; then + # We use custom formating here: + if [[ ! -z "$verbose" ]]; then + echo && echo 'removing unencrypted files:' + fi + + while read -r line; do + # So the formating would not be repeated several times here: + _find_and_clean "*$line" "$verbose" + done < "$SECRETS_DIR_PATHS_MAPPING" + + if [[ ! -z "$verbose" ]]; then + echo + fi + fi + +} + + +function hide { local clean=0 - local opt_string='' + local delete=0 + local verbose='' + + OPTIND=1 - while getopts 'cvh' opt; do + while getopts 'cdvh' opt; do case "$opt" in c) clean=1;; - h) _show_manual_for 'hide';; + d) delete=1;; + + v) verbose='v';; - v) opt_string='-v';; + h) _show_manual_for 'hide';; esac done shift $((OPTIND-1)) [ "$1" = '--' ] && shift + # We need user to continue: _user_required - if [[ $clean -eq 1 ]]; then - clean "$opt_string" - fi -} - - -function hide { - _optional_clean "$@" + # If -c option was provided, it would clean the hidden files + # before creating new ones. + _optional_clean "$clean" "$verbose" local counter=0 while read -r line; do @@ -45,5 +78,9 @@ function hide { counter=$((counter+1)) done < "$SECRETS_DIR_PATHS_MAPPING" + # If -d option was provided, it would delete the source files + # after we have already hidden them. + _optional_delete "$delete" "$verbose" + echo "done. all $counter files are hidden." } diff --git a/src/commands/git_secret_killperson.sh b/src/commands/git_secret_killperson.sh index 371a2bb2..f4ec07e9 100644 --- a/src/commands/git_secret_killperson.sh +++ b/src/commands/git_secret_killperson.sh 
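Review bot: In `_optional_delete`, each mapping entry is passed as `_find_and_clean "*$line"`, which turns it into a `find . -name` glob with a leading wildcard. An entry such as `config` then also matches every other file in the tree whose name ends in `config`, including files under `.git`, while an entry with a directory part such as `dir/file` never matches because `-name` compares only the base name. So `hide -d` can delete unrelated files and can leave behind the plaintext it was asked to remove, with nothing reported. Removing exactly the listed path is safer: `rm -f${verbose} -- "$line"` inside the loop, resolved against the repository root if the mapping stores root-relative paths.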
@@ -15,9 +15,13 @@ function killperson { _user_required - if [[ ${#@} -eq 0 ]]; then - _abort "email is required." + local emails=( "$@" ) + + if [[ ${#emails[@]} -eq 0 ]]; then + _abort "at least one email is required." fi - $GPGLOCAL --batch --yes --delete-key "$1" + for email in "${emails[@]}"; do + $GPGLOCAL --batch --yes --delete-key "$email" + done } diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh index 7f6a389c..7b60fc00 100644 --- a/src/commands/git_secret_reveal.sh +++ b/src/commands/git_secret_reveal.sh @@ -23,7 +23,7 @@ function reveal { shift $((OPTIND-1)) [ "$1" = '--' ] && shift - _user_required + _user_required local counter=0 while read -r line; do diff --git a/src/commands/git_secret_tell.sh b/src/commands/git_secret_tell.sh index efdcc316..57e05a23 100644 --- a/src/commands/git_secret_tell.sh +++ b/src/commands/git_secret_tell.sh @@ -2,20 +2,19 @@ function tell { - local email + local emails + local self_email=0 local homedir # A POSIX variable # Reset in case getopts has been used previously in the shell. OPTIND=1 - while getopts "h?md:" opt; do + while getopts "hmd:" opt; do case "$opt" in h) _show_manual_for "tell";; - m) # Set email of the git current user: - email=$(git config user.email) || _abort "'git config user.email' is not set." - ;; + m) self_email=1;; d) homedir=$OPTARG;; esac 
@@ -24,34 +23,49 @@ function tell { shift $((OPTIND-1)) [ "$1" = "--" ] && shift - # Moved to enable viewing a manual without validation: + # Validates that application is inited: _secrets_dir_exists - # Custom argument-parsing: - if [[ -z $email ]]; then - # Email was not set via `-m` and is in $1: - test ! -z "$1" && email="$1"; shift || _abort "first argument must be an email address." - fi + emails=( "$@" ) + local git_email + + if [[ "$self_email" -eq 1 ]]; then + git_email=$(git config user.email) - # This file will be removed automatically: - _temporary_file # note, that `_temporary_file` will export `filename` var. - # shellcheck disable=2154 - local keyfile="$filename" - - if [[ -z "$homedir" ]]; then - $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile" - else - # It means that homedir is set as an extra argument via `-d`: - $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \ - --export -a "$email" > "$keyfile" + if [[ -z "$git_email" ]]; then + _abort "'git config user.email' is not set." + fi + + emails+=("$git_email") fi - if [[ ! -s "$keyfile" ]]; then - _abort 'gpg key is empty. check your key name: "gpg --list-keys".' + if [[ "${#emails[@]}" -eq 0 ]]; then + # If after possible addition of git_email, emails are still empty, + # we should raise an exception. + _abort "you must provide at least one email address." fi - # Importing public key to the local keychain: - $GPGLOCAL --import "$keyfile" > /dev/null 2>&1 + for email in "${emails[@]}"; do + # This file will be removed automatically: + _temporary_file # note, that `_temporary_file` will export `filename` var. + # shellcheck disable=2154 + local keyfile="$filename" + + if [[ -z "$homedir" ]]; then + $SECRETS_GPG_COMMAND --export -a "$email" > "$keyfile" + else + # It means that homedir is set as an extra argument via `-d`: + $SECRETS_GPG_COMMAND --no-permission-warning --homedir="$homedir" \ + --export -a "$email" > "$keyfile" + fi + + if [[ ! 
-s "$keyfile" ]]; then + _abort 'gpg key is empty. check your key name: "gpg --list-keys".' + fi + + # Importing public key to the local keychain: + $GPGLOCAL --import "$keyfile" > /dev/null 2>&1 + done - echo "done. $email added as a person who knows the secret." + echo "done. ${emails[*]} added as someone who know(s) the secret." } diff --git a/src/commands/git_secret_usage.sh b/src/commands/git_secret_usage.sh index 0e468771..a2c07c64 100644 --- a/src/commands/git_secret_usage.sh +++ b/src/commands/git_secret_usage.sh @@ -1,19 +1,6 @@ #!/usr/bin/env bash -function _show_help_usage { - cat <<-EOF -usage: git secret usage -prints all the available commands. - -options: - -h shows this help. - -EOF - exit 0 -} - - function usage { OPTIND=1 @@ -26,14 +13,11 @@ function usage { shift $((OPTIND-1)) [ "$1" = "--" ] && shift - local commands="" - local separator="|" - - for com in $(compgen -A function); do - if [[ ! $com == _* ]]; then - commands+="$com$separator" - fi - done + # There was a bug with some shells, which were adding extra commands + # to the old dynamic-loading version of this code. + # thanks to @antmak it is now fixed, see: + # https://github.com/sobolevn/git-secret/issues/47 + local commands="add|changes|clean|hide|init|killperson|list|remove|reveal|tell|usage|whoknows" - echo "usage: git secret [${commands%?}]" + echo "usage: git secret [$commands]" } diff --git a/src/commands/git_secret_whoknows.sh b/src/commands/git_secret_whoknows.sh index 9b35c854..066d8aed 100644 --- a/src/commands/git_secret_whoknows.sh +++ b/src/commands/git_secret_whoknows.sh @@ -18,7 +18,7 @@ function whoknows { local keys - # Just to the point: + # Getting the users from gpg: keys=$(_get_users_in_keyring) echo "$keys" } diff --git a/src/main.sh b/src/main.sh index a4884751..100576d0 100755 --- a/src/main.sh +++ b/src/main.sh 
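Review bot: In the new `for email` loop of `tell`, `--export -a "$email"` hands GnuPG a bare string, which it treats as a substring match on the user ID. Each argument can therefore export, and then silently import, every key in the source keyring whose user ID merely contains that text. Because the imported keys become recipients of the secrets, an exact address match is safer: `--export -a "<$email>"` in both the default and the `-d` branch. It would also help to print the imported fingerprints, since the final message lists only the e-mail strings that were typed.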
@@ -4,7 +4,9 @@ set -e function _check_setup { # Checking git and secret-plugin setup: - if [[ ! -d ".git" ]] || [[ ! -d ".git/hooks" ]]; then + local is_tree + is_tree=$(_is_inside_git_tree) + if [[ ! $is_tree -eq 0 ]]; then _abort "repository is broken. try running 'git init' or 'git clone'." fi diff --git a/src/version.sh b/src/version.sh index eb715ac9..6b5c7a3a 100644 --- a/src/version.sh +++ b/src/version.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash -GITSECRET_VERSION='0.2.1' # shellcheck disable=2034 +GITSECRET_VERSION='0.2.2' # shellcheck disable=2034 diff --git a/tests/_test_base.bash b/tests/_test_base.bash index 0ea845a6..68fda84c 100644 --- a/tests/_test_base.bash +++ b/tests/_test_base.bash @@ -3,34 +3,35 @@ # This file is following a name convention defined in: # https://github.com/sstephenson/bats +# shellcheck disable=1090 source "$SECRET_PROJECT_ROOT/src/version.sh" +# shellcheck disable=1090 source "$SECRET_PROJECT_ROOT/src/_utils/_git_secret_tools.sh" # Constants: - FIXTURES_DIR="$BATS_TEST_DIRNAME/fixtures" -# Folders: -TEST_SECRETS_DIR="$BATS_TMPDIR/$SECRETS_DIR" -TEST_SECRETS_DIR_PATHS_MAPPING="$BATS_TMPDIR/$SECRETS_DIR_PATHS_MAPPING" - -TEST_GPG_HOMEDIR="$PWD" +TEST_GPG_HOMEDIR="$BATS_TMPDIR" # GPG-based stuff: -: ${SECRETS_GPG_COMMAND:="gpg"} +: "${SECRETS_GPG_COMMAND:="gpg"}" GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning" # Personal data: TEST_DEFAULT_USER="user1" +TEST_SECOND_USER="user2" # shellcheck disable=2034 +TEST_ATTACKER_USER="attacker1" # shellcheck disable=2034 function test_user_password { + # It was set on key creation: echo "${1}pass" } function test_user_email { + # It was set on key creation: echo "${1}@gitsecret.io" } 
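Review bot: `_check_setup` now trusts only the exit status of `git rev-parse --is-inside-work-tree`, but that command exits 0 and prints `false` when run inside the `.git` directory or in a bare repository. Those cases pass the check even though there is no work tree to hold the secrets directory. Comparing the output closes the gap: `[[ "$(git rev-parse --is-inside-work-tree 2>/dev/null)" == "true" ]] || _abort "..."`. `_check_setup` continues outside this hunk.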
@@ -39,21 +40,25 @@ function test_user_email { function get_gpg_fingerprint_by_email { local email="$1" - local fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \ - sed -e '/<'$email'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \ + local fingerprint + + fingerprint=$($GPGTEST --list-public-keys --with-fingerprint --with-colons | \ + sed -e '/<'"$email"'>::scESC:/,/[A-Z0-9]\{40\}:/!d' | \ sed -e '/fpr/!d' | \ sed -n 's/fpr:::::::::\([A-Z|0-9]\{40\}\):/\1/p') - echo $fingerprint + echo "$fingerprint" } function install_fixture_key { local public_key="$BATS_TMPDIR/public-${1}.key" - local email=$(test_user_email "$1") + local email + + email=$(test_user_email "$1") $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ --no-permission-warning --output "$public_key" \ - --armor --batch --yes --export "$email" > /dev/null 2>&1 + --armor --batch --yes --export "$email" > /dev/null 2>&1 $GPGTEST --import "$public_key" > /dev/null 2>&1 rm -f "$public_key" } @@ -61,18 +66,23 @@ function install_fixture_key { function install_fixture_full_key { local private_key="$BATS_TMPDIR/private-${1}.key" - local email=$(test_user_email "$1") + local email + local fp + local fingerprint + + email=$(test_user_email "$1") $SECRETS_GPG_COMMAND --homedir="$FIXTURES_DIR/gpg/${1}" \ --no-permission-warning --output "$private_key" --armor \ --yes --export-secret-key "$email" > /dev/null 2>&1 - $GPGTEST --allow-secret-key-import --import "$private_key" > /dev/null 2>&1 + $GPGTEST --allow-secret-key-import \ + --import "$private_key" > /dev/null 2>&1 - local fp=$($GPGTEST --with-fingerprint "$private_key") + fp=$($GPGTEST --with-fingerprint "$private_key") # since 0.1.2 fingerprint is returned: - local fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g') + fingerprint=$(echo "$fp" | tr -d ' ' | sed -n '2p' | sed -e 's/.*=//g') install_fixture_key "$1" 
@@ -82,21 +92,25 @@ function install_fixture_full_key { function uninstall_fixture_key { - local email=$(test_user_email "$1") + local email + + email=$(test_user_email "$1") $GPGTEST --batch --yes --delete-key "$email" > /dev/null 2>&1 } function uninstall_fixture_full_key { - local email=$(test_user_email "$1") + local email + email=$(test_user_email "$1") local fingerprint="$2" if [[ -z "$fingerprint" ]]; then # see issue_12, fingerprint on `gpg2` has different format: - fingerprint=$(_get_gpg_fingerprint_by_email "$email") + fingerprint=$(get_gpg_fingerprint_by_email "$email") fi - $GPGTEST --batch --yes --delete-secret-keys "$fingerprint" > /dev/null 2>&1 + $GPGTEST --batch --yes \ + --delete-secret-keys "$fingerprint" > /dev/null 2>&1 uninstall_fixture_key "$1" } @@ -112,8 +126,12 @@ function git_set_config_email { function git_commit { git_set_config_email "$1" - local user_name=$(git config user.name) - local commit_gpgsign=$(git config commit.gpgsign) + local user_name + local commit_gpgsign + + user_name=$(git config user.name) + + commit_gpgsign=$(git config commit.gpgsign) git config --local user.name "$TEST_DEFAULT_USER" git config --local commit.gpgsign false @@ -133,6 +151,11 @@ function remove_git_repository { # Git Secret: +function set_state_initial { + cd "$BATS_TMPDIR" || exit 1 +} + + function set_state_git { git init > /dev/null 2>&1 } @@ -144,7 +167,9 @@ function set_state_secret_init { function set_state_secret_tell { - local email=$(test_user_email $1) + local email + + email=$(test_user_email "$1") git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1 } @@ -166,7 +191,7 @@ function set_state_secret_hide { function unset_current_state { # states order: - # git, secret_init, secret_tell, secret_add, secret_hide + # initial, git, secret_init, secret_tell, secret_add, secret_hide # unsets `secret_hide` # removes .secret files: 
@@ -181,4 +206,7 @@ function unset_current_state { # removes gpg homedir: rm -f "pubring.gpg" "pubring.gpg~" "secring.gpg" "trustdb.gpg" "random_seed" + + # return to the base dir: + cd "$SECRET_PROJECT_ROOT" || exit 1 } diff --git a/tests/test_add.bats b/tests/test_add.bats index b65944d3..36d048ea 100644 --- a/tests/test_add.bats +++ b/tests/test_add.bats @@ -5,6 +5,8 @@ load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" + + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -23,13 +25,13 @@ function teardown { echo "content" > "$TEST_FILE" run git secret add "$TEST_FILE" - rm -f "$TEST_FILE" - [ "$status" -eq 1 ] + + rm -f "$TEST_FILE" } -@test "run 'add' for unignored file with '-i' option" { +@test "run 'add' for unignored file with '-i'" { local TEST_FILE='test_file.auto_ignore' touch "$TEST_FILE" echo "content" > "$TEST_FILE" @@ -50,15 +52,32 @@ function teardown { echo "$filename" > ".gitignore" run git secret add "$filename" - rm -f "$filename" ".gitignore" - [ "$status" -eq 0 ] + rm -f "$filename" ".gitignore" + local files_list=$(cat "$SECRETS_DIR_PATHS_MAPPING") [ "$files_list" = "$filename" ] } +@test "run 'add' for file in subdirectory" { + local TEST_FILE='test_file' + local TEST_DIR='test_dir' + + mkdir -p "$TEST_DIR" + touch "$TEST_DIR/$TEST_FILE" + echo "content" > "$TEST_DIR/$TEST_FILE" + echo "$TEST_DIR/$TEST_FILE" > ".gitignore" + + run git secret add "$TEST_DIR/$TEST_FILE" + [ "$status" -eq 0 ] + [[ "$output" == *"1 items added."* ]] + + rm -rf "$TEST_DIR" +} + + @test "run 'add' twice for one file" { local filename="local_file" echo "content" > "$filename" @@ -66,11 +85,11 @@ function teardown { run git secret add "$filename" run git secret add "$filename" - rm -f "$filename" ".gitignore" - [ "$status" -eq 0 ] [ "$output" = "1 items added." ] + rm -f "$filename" ".gitignore" + local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"` [ "$files_list" = "$filename" ] } 
@@ -86,8 +105,8 @@ function teardown { echo "$filename2" >> ".gitignore" run git secret add "$filename1" "$filename2" - rm -f "$filename1" "$filename2" ".gitignore" - [ "$status" -eq 0 ] [ "$output" = "2 items added." ] + + rm -f "$filename1" "$filename2" ".gitignore" } diff --git a/tests/test_changes.bats b/tests/test_changes.bats index b151b22e..6bcedf0c 100644 --- a/tests/test_changes.bats +++ b/tests/test_changes.bats @@ -12,6 +12,7 @@ FINGERPRINT="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -66,3 +67,23 @@ function teardown { [[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]] [[ "$output" == *"$second_file_to_hide"* ]] } + +@test "run 'changes' with multiple selected files changed" { + local password=$(test_user_password "$TEST_DEFAULT_USER") + local new_content="new content" + local second_new_content="something different" + echo "$new_content" >> "$FILE_TO_HIDE" + echo "$second_new_content" >> "$SECOND_FILE_TO_HIDE" + + run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" \ + "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE" + + [ "$status" -eq 0 ] + + # Testing that output has both filename and changes: + [[ "$output" == *"changes in $FILE_TO_HIDE"* ]] + [[ "$output" == *"$new_content"* ]] + + [[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]] + [[ "$output" == *"$second_file_to_hide"* ]] +} diff --git a/tests/test_clean.bats b/tests/test_clean.bats index 882527c1..1f44916b 100644 --- a/tests/test_clean.bats +++ b/tests/test_clean.bats 
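Review bot: The last assertion of the new "multiple selected files" test expands `$second_file_to_hide`, a name that is not assigned anywhere in the visible test (the locals are `new_content` and `second_new_content`). The pattern therefore collapses to `**` and matches any output. The same line appears in the context test just above the addition. To verify the second file's diff, assert on the value that was appended: `[[ "$output" == *"$second_new_content"* ]]`.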
@@ -1,3 +1,67 @@ #!/usr/bin/env bats -# TODO: create tests for this command. +load _test_base + +FIRST_FILE="file_to_hide1" +SECOND_FILE="file_to_hide2" + +FOLDER="somedir" +FILE_IN_FOLDER="${FOLDER}/file_to_hide3" + + +function setup { + install_fixture_key "$TEST_DEFAULT_USER" + + set_state_initial + set_state_git + set_state_secret_init + set_state_secret_tell "$TEST_DEFAULT_USER" + set_state_secret_add "$FIRST_FILE" "somecontent" + set_state_secret_add "$SECOND_FILE" "somecontent2" + set_state_secret_hide +} + + +function teardown { + uninstall_fixture_key "$TEST_DEFAULT_USER" + unset_current_state + + # This also needs to be cleaned: + rm -f "$FIRST_FILE" "$SECOND_FILE" + rm -rf "$FOLDER" +} + + +function _secret_files_exists { + local result=$(find . -type f -name "*.$SECRETS_EXTENSION" \ + -print0 2>/dev/null | grep -q .; echo "$?") + echo "$result" +} + + +@test "run 'clean' normally" { + run git secret clean + [ "$status" -eq 0 ] + + # There must be no .secret files: + local exists=$(_secret_files_exists) + [ "$exists" -ne 0 ] +} + + +@test "run 'clean' with '-v'" { + run git secret clean -v + [ "$status" -eq 0 ] + + # There must be no .secret files: + local exists=$(_secret_files_exists) + [ "$exists" -ne 0 ] + + local first_filename=$(_get_encrypted_filename "$FIRST_FILE") + local second_filename=$(_get_encrypted_filename "$SECOND_FILE") + + # Output must be verbose: + [[ "$output" == *"cleaning"* ]] + [[ "$output" == *"$first_filename"* ]] + [[ "$output" == *"$second_filename"* ]] +} diff --git a/tests/test_hide.bats b/tests/test_hide.bats index 45cd29bb..b95f8619 100644 --- a/tests/test_hide.bats +++ b/tests/test_hide.bats @@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод" function setup { install_fixture_key "$TEST_DEFAULT_USER" + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" 
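Review bot: `_secret_files_exists` searches for `"*.$SECRETS_EXTENSION"`, but the extension is documented as defaulting to `.secret` and the command under test uses `"*$SECRETS_EXTENSION"`. The test pattern therefore becomes `*..secret` and finds nothing whether or not `clean` worked, so both `[ "$exists" -ne 0 ]` checks pass vacuously. Use `-name "*$SECRETS_EXTENSION"`, and consider asserting before the `clean` call that the helper does report files, so a broken helper cannot mask a regression that leaves encrypted artefacts behind.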
@@ -26,22 +27,72 @@ function teardown { @test "run 'hide' normally" { run git secret hide + + # Command must execute normally: [ "$status" -eq 0 ] [ "$output" = "done. all 1 files are hidden." ] + + # New files should be crated: + local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE") + [ -f "$encrypted_file" ] } -@test "run 'hide' with params" { +@test "run 'hide' with multiple files" { + # Preparations: + local second_file="second_file.txt" + local second_content="some content" + set_state_secret_add "$second_file" "$second_content" + + # Now it should hide 2 files: + run git secret hide + [ "$status" -eq 0 ] + [ "$output" = "done. all 2 files are hidden." ] +} + + +@test "run 'hide' with '-c' and '-v'" { + # Preparations: + local encrypted_filename=$(_get_encrypted_filename "$FILE_TO_HIDE") + set_state_secret_hide # so it would be data to clean + run git secret hide -v -c [ "$status" -eq 0 ] + + # File should be still there (it is not deletion): + [ -f "$FILE_TO_HIDE" ] + + # Output should be verbose: + [[ "$output" == *"cleaning"* ]] + [[ "$output" == *"$encrypted_filename"* ]] } -@test "run 'hide' for multiple users" { - local new_user="user2" +@test "run 'hide' with '-d'" { + run git secret hide -d + [ "$status" -eq 0 ] + + # File must be removed: + [ ! -f "$FILE_TO_HIDE" ] +} + + +@test "run 'hide' with '-d' and '-v'" { + run git secret hide -v -d + [ "$status" -eq 0 ] + + # File must be removed: + [ ! -f "$FILE_TO_HIDE" ] + + # It should be verbose: + [[ "$output" == *"removing unencrypted files"* ]] + [[ "$output" == *"$FILE_TO_HIDE"* ]] +} + - install_fixture_key "$new_user" - set_state_secret_tell "$new_user" +@test "run 'hide' with multiple users" { + install_fixture_key "$TEST_SECOND_USER" + set_state_secret_tell "$TEST_SECOND_USER" run git secret hide [ "$status" -eq 0 ] diff --git a/tests/test_init.bats b/tests/test_init.bats index 3f6b0241..95a1bd48 100644 --- a/tests/test_init.bats +++ b/tests/test_init.bats 
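Review bot: The two new `-d` tests in tests/test_hide.bats check only that the plaintext file is gone, not that its encrypted counterpart was written. A regression that deletes the unencrypted file after a failed encryption would therefore go unnoticed, and that is the data-loss case `-d` most needs guarding against. I would add `local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")` and `[ -f "$encrypted_file" ]` after the `[ ! -f "$FILE_TO_HIDE" ]` check, mirroring the 'hide normally' test. The "multiple files" test also creates `second_file.txt` without removing it; teardown lies outside the hunk, so that file may be left behind.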
@@ -4,6 +4,7 @@ load _test_base function setup { + set_state_initial set_state_git } @@ -13,12 +14,11 @@ function teardown { } -@test "run 'init' without .git" { +@test "run 'init' without '.git'" { remove_git_repository run git secret init [ "$status" -eq 1 ] - [ "$output" = "repository is broken. try running 'git init' or 'git clone'. abort." ] } diff --git a/tests/test_killperson.bats b/tests/test_killperson.bats index b749623b..fc7dbd17 100644 --- a/tests/test_killperson.bats +++ b/tests/test_killperson.bats @@ -5,6 +5,8 @@ load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" + + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -26,4 +28,22 @@ function teardown { @test "run 'killperson' normally" { run git secret killperson "$TEST_DEFAULT_USER" [ "$status" -eq 0 ] + + # Then whoknows must return an error with status code 1: + run git secret whoknows + [ "$status" -eq 1 ] +} + + +@test "run 'killperson' with multiple arguments" { + # Adding second user: + install_fixture_key "$TEST_SECOND_USER" + set_state_secret_tell "$TEST_SECOND_USER" + + run git secret killperson "$TEST_DEFAULT_USER" "$TEST_SECOND_USER" + [ "$status" -eq 0 ] + + # Nothing to show: + run git secret whoknows + [ "$status" -eq 1 ] } diff --git a/tests/test_list.bats b/tests/test_list.bats index d30e0e19..2eab9d95 100644 --- a/tests/test_list.bats +++ b/tests/test_list.bats @@ -9,6 +9,7 @@ FILE_CONTENTS="hidden content юникод" function setup { install_fixture_key "$TEST_DEFAULT_USER" + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" 
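Review bot: The new test "run 'killperson' with multiple arguments" (tests/test_killperson.bats) installs the `$TEST_SECOND_USER` fixture key but never uninstalls it. Teardown lies outside the hunk, so unless it already removes that key, the second user's key stays in the test keyring and can influence later tests. The matching test added to tests/test_tell.bats ends with `uninstall_fixture_key "$TEST_SECOND_USER"`, and doing the same here (or in teardown, so it also runs when an assertion fails) keeps the keyring state predictable.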
@@ -31,9 +32,27 @@ function teardown { } +@test "run 'list' with multiple files" { + # Preparations: + local second_file="second_file.txt" + set_state_secret_add "$second_file" "$FILE_CONTENTS" + + run git secret list + [ "$status" -eq 0 ] + + # Now it should list two files: + [[ "$output" == *"$FILE_TO_HIDE"* ]] + [[ "$output" == *"$second_file"* ]] + + # Cleaning up: + rm -f "$second_file" +} + + @test "run 'list' on empty repo" { git secret remove "$FILE_TO_HIDE" + # Running `list` on empty mapping should result an error: run git secret list [ "$status" -eq 1 ] } diff --git a/tests/test_main.bats b/tests/test_main.bats index 6a1d5838..559cbca1 100644 --- a/tests/test_main.bats +++ b/tests/test_main.bats @@ -4,6 +4,7 @@ load _test_base function setup { + set_state_initial set_state_git } @@ -29,3 +30,17 @@ function teardown { run git secret --version [ "$output" == "$GITSECRET_VERSION" ] } + + +@test "run 'git secret --dry-run'" { + # We will break things apart, so normally it won't run: + rm -rf ".git" + + # This must fail: + run git secret usage + [ "$status" -eq 1 ] + + # Dry run won't fail: + run git secret --dry-run + [ "$status" -eq 0 ] +} diff --git a/tests/test_remove.bats b/tests/test_remove.bats index 0135e259..8bd96d64 100644 --- a/tests/test_remove.bats +++ b/tests/test_remove.bats 
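Review bot: The new "run 'git secret --dry-run'" test in tests/test_main.bats removes the repository with a literal `rm -rf ".git"`, while tests/test_init.bats uses the `remove_git_repository` helper for the same step. Calling the helper here keeps the repository path in one place and avoids a hard-coded recursive delete in the test body. The "run 'list' with multiple files" test in tests/test_list.bats has a separate weakness: `rm -f "$second_file"` comes after the assertions, so it is skipped whenever one of them fails. Moving that cleanup into teardown would make it unconditional.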
@@ -5,42 +5,71 @@ load _test_base FIRST_FILE="file_to_hide1" SECOND_FILE="file_to_hide2" -# There was a bug with `sed` an slashes: -# see https://github.com/sobolevn/git-secret/issues/23 FOLDER="somedir" FILE_IN_FOLDER="${FOLDER}/file_to_hide3" function setup { - install_fixture_full_key "$TEST_DEFAULT_USER" + install_fixture_key "$TEST_DEFAULT_USER" + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" set_state_secret_add "$FIRST_FILE" "somecontent" set_state_secret_add "$SECOND_FILE" "somecontent2" + set_state_secret_hide } function teardown { - uninstall_fixture_full_key "$TEST_DEFAULT_USER" + uninstall_fixture_key "$TEST_DEFAULT_USER" unset_current_state - rm -f "$FIRST_FILE" "$SECOND_FILE" - # This needs to be cleaned + # This also needs to be cleaned: + rm -f "$FIRST_FILE" "$SECOND_FILE" rm -rf "$FOLDER" } -@test "run 'remove' normally" { - git secret hide +function _has_line { + local result=$(grep -q "$1" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) + echo "$result" +} + +@test "run 'remove' normally" { run git secret remove "$SECOND_FILE" [ "$status" -eq 0 ] - local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) 
+ # Mapping should not contain the second file: + local mapping_contains=$(_has_line "$SECOND_FILE") [ "$mapping_contains" -eq 1 ] + # But the first file must not change: + local other_files=$(_has_line "$FIRST_FILE") + [ "$other_files" -eq 0 ] + + # Both files should be present: + local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) + local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE) + + [ -f "$first_enctypted_file" ] + [ -f "$second_enctypted_file" ] +} + + +@test "run 'remove' with multiple arguments" { + run git secret remove "$FIRST_FILE" "$SECOND_FILE" + [ "$status" -eq 0 ] + + local first_line=$(_has_line "$FIRST_FILE") + [ "$first_line" -eq 1 ] + + local second_line=$(_has_line "$SECOND_FILE") + [ "$second_line" -eq 1 ] + + # Both files should be present: local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE) @@ -50,14 +79,19 @@ function teardown { @test "run 'remove' with slashes in filename" { + # There was a bug with `sed` an slashes: + # see https://github.com/sobolevn/git-secret/issues/23 + + # Prepartions: mkdir -p "$FOLDER" set_state_secret_add "$FILE_IN_FOLDER" "somecontent3" - git secret hide + set_state_secret_hide # runing hide again to hide new data + # Now it should remove filename with slashes from the mapping: run git secret remove "$FILE_IN_FOLDER" [ "$status" -eq 0 ] - local mapping_contains=$(grep "$FILE_IN_FOLDER" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) + local mapping_contains=$(_has_line "$FILE_IN_FOLDER") [ "$mapping_contains" -eq 1 ] local enctypted_file=$(_get_encrypted_filename $FILE_IN_FOLDER) 
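Review bot: The `_has_line` helper added to tests/test_remove.bats passes the filename to grep as a regular expression and accepts a substring match. A name containing `.` or other metacharacters, or one that is a prefix of another mapped path, can therefore report a line as present when it is not. Using a fixed-string match, `local result=$(grep -qF -- "$1" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)`, makes the helper check the literal path. The new `_get_encrypted_filename $FIRST_FILE` calls also leave the argument unquoted, unlike the quoted form used in tests/test_hide.bats.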
@@ -65,14 +99,14 @@ function teardown { } -@test "run 'remove -c'" { +@test "run 'remove' with '-c'" { git secret hide run git secret remove -c "$SECOND_FILE" echo "$output" [ "$status" -eq 0 ] - local mapping_contains=$(grep "$SECOND_FILE" "$SECRETS_DIR_PATHS_MAPPING"; echo $?) + local mapping_contains=$(_has_line "$SECOND_FILE") [ "$mapping_contains" -eq 1 ] local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE) diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats index 32dde2e7..f88977dc 100644 --- a/tests/test_reveal.bats +++ b/tests/test_reveal.bats @@ -11,6 +11,7 @@ FINGERPRINT="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" @@ -22,6 +23,7 @@ function setup { function teardown { uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" unset_current_state + rm -f "$FILE_TO_HIDE" } 
@@ -63,32 +65,58 @@ function teardown { @test "run 'reveal' for attacker" { + # Preparations rm -f "$FILE_TO_HIDE" - local attacker="attacker1" - local atacker_fingerprint=$(install_fixture_full_key "$attacker") + local atacker_fingerprint=$(install_fixture_full_key "$TEST_ATTACKER_USER") + local password=$(test_user_password "$TEST_ATTACKER_USER") - local password=$(test_user_password "$attacker") run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" + # This should fail, nothing should be created: [ "$status" -eq 2 ] [ ! -f "$FILE_TO_HIDE" ] - uninstall_fixture_full_key "$attacker" "$atacker_fingerprint" + # Cleaning up: + uninstall_fixture_full_key "$TEST_ATTACKER_USER" "$atacker_fingerprint" } -@test "run 'reveal' for multiple users" { - local new_user="user2" - install_fixture_full_key "$new_user" - set_state_secret_tell "$new_user" +@test "run 'reveal' for multiple users (with key deletion)" { + # Preparations: + local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER") + local password=$(test_user_password "$TEST_SECOND_USER") + set_state_secret_tell "$TEST_SECOND_USER" set_state_secret_hide + # We are removing a secret key of the first user to be sure + # that it is not used in decryption: uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" - local password=$(test_user_password "$new_user") + # Testing: + run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" + + [ "$status" -eq 0 ] + [ -f "$FILE_TO_HIDE" ] + + # Cleaning up: + uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint" +} + + +@test "run 'reveal' for multiple users (normally)" { + # Preparations: + local second_fingerprint=$(install_fixture_full_key "$TEST_SECOND_USER") + local password=$(test_user_password "$TEST_SECOND_USER") + set_state_secret_tell "$TEST_SECOND_USER" + set_state_secret_hide + + # Testing: run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] [ -f "$FILE_TO_HIDE" ] + + # Cleaning up: + 
uninstall_fixture_full_key "$TEST_SECOND_USER" "$second_fingerprint" } diff --git a/tests/test_reveal_filename.bats b/tests/test_reveal_filename.bats index 279a19f3..75f0607e 100644 --- a/tests/test_reveal_filename.bats +++ b/tests/test_reveal_filename.bats @@ -12,6 +12,7 @@ OLD_SECRETS_EXTENSION="" function setup { FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" diff --git a/tests/test_tell.bats b/tests/test_tell.bats index da5e1804..45e35bf8 100644 --- a/tests/test_tell.bats +++ b/tests/test_tell.bats @@ -5,6 +5,8 @@ load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" + + set_state_initial set_state_git set_state_secret_init } @@ -16,12 +18,23 @@ function teardown { } -function git_secret_tell_test { - git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" +@test "fail on no users" { + run _user_required + [ "$status" -eq 1 ] } -@test "fail on no users" { +@test "constantly fail on no users" { + # We had a serious bug with _user_required, + # see this link for the details: + # https://github.com/sobolevn/git-secret/issues/74 + + # Preparations: + git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" + git secret killperson "$TEST_DEFAULT_USER" + + # It was showing something like `tru::1:1289775241:0:2:1:6` + # after the preparations done and the error was not generated. run _user_required [ "$status" -eq 1 ] } @@ -32,7 +45,7 @@ function git_secret_tell_test { echo "private key" > "$private_key" [ -s "$private_key" ] - run git_secret_tell_test + run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 1 ] } @@ -40,7 +53,7 @@ function git_secret_tell_test { @test "run 'tell' without '.gitsecret'" { rm -rf "$SECRETS_DIR" - run git_secret_tell_test + run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 1 ] } 
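Review bot: Both new "reveal for multiple users" tests in tests/test_reveal.bats assert `[ -f "$FILE_TO_HIDE" ]` after `reveal` without first removing the plaintext. Setup lies outside the hunk, but if it leaves the original file in place, the check passes even when decryption with the second user's key produced nothing. The attacker test already starts with `rm -f "$FILE_TO_HIDE"`; the same line before `run git secret reveal` in these two tests would make the assertion prove that the file was actually decrypted. In all three tests the `uninstall_fixture_full_key` cleanup runs after the assertions, so a failing assertion leaves the extra secret key installed in the test keyring.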
@@ -52,15 +65,20 @@ function git_secret_tell_test { @test "run 'tell' normally" { - run git_secret_tell_test + run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER" [ "$status" -eq 0 ] + # Testing that now user is found: run _user_required [ "$status" -eq 0 ] + + # Testing that now user is in the list of people who knows the secret: + run git secret whoknows + [[ "$output" == *"$TEST_DEFAULT_USER"* ]] } -@test "run 'tell -m'" { +@test "run 'tell' with '-m'" { email=$(test_user_email $TEST_DEFAULT_USER) git_set_config_email "$email" @@ -69,8 +87,32 @@ function git_secret_tell_test { } -@test "run 'tell -m' with empty email" { - git_set_config_email "" +@test "run 'tell' with '-m' (empty email)" { + # Prepartions: + git_set_config_email "" # now it should not allow to add yourself + run git secret tell -d "$TEST_GPG_HOMEDIR" -m [ "$status" -eq 1 ] } + + +@test "run 'tell' with multiple emails" { + # Preparations: + install_fixture_key "$TEST_SECOND_USER" + + # Testing the command iteself: + run git secret tell -d "$TEST_GPG_HOMEDIR" \ + "$TEST_DEFAULT_USER" "$TEST_SECOND_USER" + + [ "$status" -eq 0 ] + + # Testing that these users are presented in the + # list of people who knows secret: + run git secret whoknows + + [[ "$output" == *"$TEST_DEFAULT_USER"* ]] + [[ "$output" == *"$TEST_SECOND_USER"* ]] + + # Cleaning up: + uninstall_fixture_key "$TEST_SECOND_USER" +} diff --git a/tests/test_usage.bats b/tests/test_usage.bats index 7a7c45e0..34712518 100644 --- a/tests/test_usage.bats +++ b/tests/test_usage.bats @@ -4,6 +4,7 @@ load _test_base function setup { + set_state_initial set_state_git } diff --git a/tests/test_whoknows.bats b/tests/test_whoknows.bats index c204cad9..2b18e36e 100644 --- a/tests/test_whoknows.bats +++ b/tests/test_whoknows.bats 
@@ -5,24 +5,40 @@ load _test_base function setup { install_fixture_key "$TEST_DEFAULT_USER" - install_fixture_key "user2" + install_fixture_key "$TEST_SECOND_USER" + set_state_initial set_state_git set_state_secret_init set_state_secret_tell "$TEST_DEFAULT_USER" - set_state_secret_tell "user2" + set_state_secret_tell "$TEST_SECOND_USER" } function teardown { - uninstall_fixture_key $TEST_DEFAULT_USER + uninstall_fixture_key "$TEST_DEFAULT_USER" + uninstall_fixture_key "$TEST_SECOND_USER" unset_current_state - - rm -f "$FILE_TO_HIDE" } @test "run 'whoknows' normally" { run git secret whoknows [ "$status" -eq 0 ] + + # Now test the output, both users should be present: + [[ "$output" == *"$TEST_DEFAULT_USER"* ]] + [[ "$output" == *"$TEST_SECOND_USER"* ]] +} + + +@test "run 'whoknows' without any users" { + # Preparations, removing users: + local email1=$(test_user_email "$TEST_DEFAULT_USER") + local email2=$(test_user_email "$TEST_SECOND_USER") + git secret killperson "$email1" "$email2" + + # Now whoknows should raise an error: there are no users. + run git secret whoknows + [ "$status" -eq 1 ] } diff --git a/utils/rpm/rpm-ci.sh b/utils/rpm/rpm-ci.sh index 4bb7c4ac..1f2e38f6 100644 --- a/utils/rpm/rpm-ci.sh +++ b/utils/rpm/rpm-ci.sh @@ -16,6 +16,9 @@ RPM_FILE_LOCATION=$(locate_rpm) # Integration tests function integration_tests { + # Note that `dnf` must be installed. + # CentOS 6 does not support `dnf`. + # Installing the package: dnf install -y "$RPM_FILE_LOCATION"