From e3fe3b4222b4880c58324fcb3d5863b5e03ea15b Mon Sep 17 00:00:00 2001
From: sobolevn
Date: Thu, 1 Jun 2017 14:01:41 +0300
Subject: [PATCH] Adds documentation update Documentation: 1. Adds security note, closes #78 2. Adds a tweak about `random_seed` and `.gitsecret/`, closes #93 3. Adds `git --version` into issue tamplate, closes #95 4. Improves `README.md`, refs #79
---
 .github/ISSUE_TEMPLATE.md | 2 ++
 README.md | 16 ++++++++++------
 man/man7/git-secret.7.ronn | 16 +++++++++++++++-
 src/_utils/_git_secret_tools.sh | 2 +-
 src/main.sh | 3 ++-
 5 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index e7941f3a..3372b92f 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -30,6 +30,8 @@ What versions of software are you using?
 **`git-secret` version:** (`git secret --version`) …
+**`git` version:** (`git --version`) …
+
 **Shell type and version:** (`$SHELL --version`) …
 **`gpg` version:** (`gpg --version`) …
diff --git a/README.md b/README.md
index 6cdf6e7a..f92cfd31 100644
--- a/README.md
+++ b/README.md
@@ -12,21 +12,25 @@
 [![git-secret terminal preview](https://asciinema.org/a/41811.png)](https://asciinema.org/a/41811?autoplay=1)
-## Usage
+## Installation
-See the [git-secret site](http://git-secret.io/).
+`git-secret` supports `brew`, just type: `brew install git-secret`
-## Installation
+It also supports `apt` and `yum`. You can also use `make` if you want to.
-See the [installation section](http://git-secret.io/#installation).
+See the [installation section](http://git-secret.io/installation) for the details.
 ## Contributing
-See [CONTRIBUTING.md](CONTRIBUTING.md).
+Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues) and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that.
+
+### Security
+
+If you found any security related issues, please do not enclose it in public. Send an email to `security@wemake.services`
 ## Changelog
-See [CHANGELOG.md](CHANGELOG.md).
+`git-secret` uses semver. See [CHANGELOG.md](CHANGELOG.md).
 ## License
diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn
index ec04aae3..e56ae712 100644
--- a/man/man7/git-secret.7.ronn
+++ b/man/man7/git-secret.7.ronn
@@ -1,4 +1,5 @@
 ## Usage
+
 These steps cover the basic process of using `git-secret`:
 0. Before starting, make sure you have created `gpg` RSA key-pair: public and secret key identified by your email address.
@@ -9,6 +10,7 @@ These steps cover the basic process of using `git-secret`:
 5. Now decrypt files with `git secret reveal` command. It will ask you for your password. And you're done!
 ### I want to add someone to the repository
+
 1. Get his `gpg` public-key. **You won't need their secret key.**
 2. Import this key inside your `gpg` by running `gpg --import KEY_NAME`
 3. Now add this person to the `git-secret` by running `git secret tell persons@email.id`
@@ -17,9 +19,21 @@ These steps cover the basic process of using `git-secret`:
 Note, that it is possible to add yourself to the system without decrypting existing files. It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook.
 ## Configuration
+
 You can configure several things to suit your workflow better. To do so, just set the required variable to the value you need. This can be done in your shell environment file or with the each `git-secret` command.
 These settings are available to be changed:
-* `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
+* `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun the tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
 * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension.
+
+## Internals
+
+### `.gitsecret` folder
+
+This folder contains every piece of information about the project. It stores:
+
+* public keys for the project
+* path mappings. Or in other words: what files are tracked to be hidden and revealed
+
+This folder should not be ignored. In case it is application would not work raising an error: `'.gitsecret/' is ignored. abort.'`. However, it is possible to ignore [individual files](https://github.com/sobolevn/git-secret/issues/93) inside it: `random_seed` would be the most popular example.
diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh
index 6b970d17..d34edcb6 100644
--- a/src/_utils/_git_secret_tools.sh
+++ b/src/_utils/_git_secret_tools.sh
@@ -454,7 +454,7 @@ function _secrets_dir_exists {
 function _secrets_dir_is_not_ignored {
- # This function checks that "${_SECRETS_DIR}" is not ignored.
+ # This function checks that "$_SECRETS_DIR" is not ignored.
 local git_secret_dir
 git_secret_dir=$(_get_secrets_dir)
diff --git a/src/main.sh b/src/main.sh
index 8378acc3..f4f52eaf 100755
--- a/src/main.sh
+++ b/src/main.sh
@@ -19,7 +19,8 @@ function _check_setup {
 local secring="$keys_dir/secring.gpg"
 if [[ -f $secring ]] && [[ -s $secring ]]; then
- # secring.gpg is not empty, someone has imported a private key.
+ # secring.gpg exists and is not empty,
+ # someone has imported a private key.
 _abort 'it seems that someone has imported a secret key.'
 fi
 }
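Review bot: The reworded comment in `_check_setup` (src/main.sh) still treats `secring.gpg` as the only sign of an imported private key. GnuPG 2.1 and later keep secret keys under `private-keys-v1.d/` in the home directory and no longer write `secring.gpg`, so under a modern `gpg2` this guard would presumably never fire. `$keys_dir` is assigned above the hunk, so that it points at the keyring home used by git-secret is inferred rather than visible here. Either add a second test for a non-empty `private-keys-v1.d` directory under `$keys_dir`, or state the limit in the comment: `# NOTE: only detects the legacy secring.gpg; gpg >= 2.1 stores secret keys in private-keys-v1.d/`. As a smaller point, `[[ -s $secring ]]` is already false for a missing file, so the "exists" half of the new comment is covered by `-s` and `-f` only adds the regular-file requirement.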