mirror of
https://github.com/sobolevn/git-secret
synced 2024-10-31 21:20:29 +00:00
documentation update
This commit is contained in:
sobolevn
parent
d694380764
commit
f081e19e3c
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-add'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-add - starts to track added files.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-clean'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-clean - removes all the hidden files.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-hide'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-hide - encrypts all added files with the inner keyring.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-init'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-init - initializes git-secret repository.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-killperson'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-killperson - deletes key identified by an email from the inner keyring.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-list'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-list - prints all the added files.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-remove'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-remove - removes files from index.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-reveal'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-reveal - decrypts all added files.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-tell'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-tell - adds a person, who can access a private data.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-usage'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-usage - prints all the available commands.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret-whoknows'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: command
|
||||
---
|
||||
git-secret-whoknows - prints email-labels for each key in the keyring.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
layout: post
|
||||
title: 'git-secret'
|
||||
date: 2016-02-24 00:54:52 +0300
|
||||
date: 2016-02-24 13:57:36 +0300
|
||||
categories: usage
|
||||
---
|
||||
## Intro
|
||||
@ -9,13 +9,15 @@ categories: usage
|
||||
There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately?
|
||||
|
||||
1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit.
|
||||
2. When building the automated deploing system there will be one extra step: download and place these secret-configuration files where it needs to be. So you have to maintain an extra secure location, where everything is stored.
|
||||
2. When building the automated deploment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored.
|
||||
|
||||
### How does `git-secret` solve these problems?
|
||||
|
||||
### How does `git-secret` solves these problems?
|
||||
1. `git-secret` encrypts files and stores them inside the `git` repository, so you will have all the changes for every commit.
|
||||
2. `git-secret` doesn't require any other deploy operations rather than `git secret reveal`, so it will automatically decrypt all the required files.
|
||||
|
||||
### What is `git-secret`?
|
||||
|
||||
`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why to deal with all these private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore.
|
||||
|
||||
## Installation
|
||||
|
||||
Binary file not shown.
@ -3,13 +3,15 @@
|
||||
There's a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web. What are the drawbacks of storing them separately?
|
||||
|
||||
1. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. And you can not tell for sure which version of the configuration file was used with each commit.
|
||||
2. When building the automated deploing system there will be one extra step: download and place these secret-configuration files where it needs to be. So you have to maintain an extra secure location, where everything is stored.
|
||||
2. When building the automated deploment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored.
|
||||
|
||||
### How does `git-secret` solve these problems?
|
||||
|
||||
### How does `git-secret` solves these problems?
|
||||
1. `git-secret` encrypts files and stores them inside the `git` repository, so you will have all the changes for every commit.
|
||||
2. `git-secret` doesn't require any other deploy operations rather than `git secret reveal`, so it will automatically decrypt all the required files.
|
||||
|
||||
### What is `git-secret`?
|
||||
|
||||
`git-secret` is a bash tool to store your private data inside a `git` repo. How's that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why to deal with all these private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete his public key, reencrypt the files, and he won't be able to decrypt secrets anymore.
|
||||
|
||||
## Installation
|
||||
|
||||
Loading…
Reference in New Issue
Block a user