@ -6,9 +6,9 @@ These steps cover the basic process of using `git-secret`:
|
|
|
|
|
1. Begin with an existing or new git repository. You'll use the 'git secret' commands to add the keyrings and information
|
|
|
|
|
to make the git-secret hide and reveal files in this repository.
|
|
|
|
|
2. Initialize the `git-secret` repository by running `git secret init` command. the `.gitsecret/` folder will be created,
|
|
|
|
|
**Note** that the contents of the `.gitsecret/` folder should all be checked in, with the exception of the random_seed file.
|
|
|
|
|
In other words, only the random_seen file should be mentioned in your .gitignore file]
|
|
|
|
|
3. Add first user to the git-secret repo keyring by running `git secret tell your@gpg.email`.
|
|
|
|
|
**Note** all the contents of the `.gitsecret/` folder should be checked in, /except/ the `random_seed` file.
|
|
|
|
|
In other words, of the files in .gitsecret, only the random_seed file should be mentioned in your .gitignore file.
|
|
|
|
|
3. Add the first user to the git-secret repo keyring by running `git secret tell your@gpg.email`.
|
|
|
|
|
4. Now it's time to add files you wish to encrypt inside the `git-secret` repository.
|
|
|
|
|
It can be done by running `git secret add <filenames...>` command. Make sure these files are ignored by mentions in
|
|
|
|
|
.gitignore, otherwise `git-secret` won't allow you to add them, as these files could be stored unencrypted.
|
|
|
|
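Review bot: The rewritten note in step 2 uses `/except/` for emphasis, which Markdown renders with literal slashes; use `*except*` instead. The follow-up sentence also leaves `.gitsecret` and `.gitignore` as bare text while the line before it puts `.gitsecret/` and `random_seed` in backticks, so wrap those two names for consistency. Since this pass already fixes wording in the same step, the unchanged context line still reads "command. the `.gitsecret/` folder will be created," with a lowercase "the", and step 1 quotes 'git secret' with apostrophes rather than backticks; both could be corrected in this change.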
@ -33,11 +33,11 @@ Now the newly added user be able to decrypt the files in the repo using `git-sec
|
|
|
|
|
|
|
|
|
|
Note that it is possible to add yourself to the git-secret repo without decrypting existing files.
|
|
|
|
|
It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't
|
|
|
|
|
want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook.
|
|
|
|
|
want unexpected keys added, you can configure some server-side security policy with the `pre-receive` hook.
|
|
|
|
|
|
|
|
|
|
## Configuration
|
|
|
|
|
|
|
|
|
|
You can configure the version of gpg used, or the extension your encrypted files uses, to suit your workflow better.
|
|
|
|
|
You can configure the version of gpg used, or the extension your encrypted files use, to suit your workflow better.
|
|
|
|
|
To do so, just set the required variable to the value you need.
|
|
|
|
|
This can be done in your shell environment file or with each `git-secret` command.
|
|
|
|
|
|
|
|
|
|
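Review bot: Changing "make sure to configure some server-side security policy" to "you can configure" weakens the only mitigation this paragraph offers for the risk it describes two lines earlier, that someone can add themselves to the repo keyring and will be able to decrypt the files after the next re-encryption. I would keep the imperative wording, or, if the softer tone is intended, add a sentence saying what the `pre-receive` hook is expected to check so that readers do not treat it as optional. The "uses" to "use" fix in the Configuration paragraph is fine. The hunk header context "Now the newly added user be able to decrypt" is missing "will" and could be fixed in the same pass.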