diff --git a/man/man1/git-secret-add.1 b/man/man1/git-secret-add.1 index f3208e8c..885e58dc 100644 --- a/man/man1/git-secret-add.1 +++ b/man/man1/git-secret-add.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-ADD" "1" "June 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-ADD" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-add\fR \- starts to track added files\. @@ -15,7 +15,10 @@ git secret add [\-i] \.\.\. .fi . .SH "DESCRIPTION" -\fBgit\-secret\-add\fR adds a filepath(es) into \fB\.gitsecret/paths/mapping\.cfg\fR\. When adding files to encrypt, ensure that they are ignored by \fBgit\fR by mentioning them in \.gitignore, since they must be secure and not be committed into the remote repository unencrypted\. +\fBgit\-secret\-add\fR adds a filepath(s) into \fB\.gitsecret/paths/mapping\.cfg\fR\. +. +.P +When adding files to encrypt, ensure that they are ignored by \fBgit\fR by mentioning them in \.gitignore, since they must be secure and not be committed into the remote repository unencrypted\. . .P If there\'s no users in the \fBgit\-secret\fR\'s keyring, when adding a file, an exception will be raised\. @@ -26,6 +29,9 @@ Use the \fBgit secret add\fR command to add filenames to this file\. .br It is not recommended to add filenames directly into \fB\.gitsecret/paths/mapping\.cfg\fR\. . +.P +(See git\-secret(7) \fIhttp://git\-secret\.io/git\-secret\fR for information about renaming the \.gitsecret folder using the SECRETS_DIR environment variable\. +. .SH "OPTIONS" . .nf diff --git a/man/man1/git-secret-add.1.ronn b/man/man1/git-secret-add.1.ronn index 59669c90..6263e2a0 100644 --- a/man/man1/git-secret-add.1.ronn +++ b/man/man1/git-secret-add.1.ronn 
@@ -7,7 +7,8 @@ git-secret-add - starts to track added files. ## DESCRIPTION -`git-secret-add` adds a filepath(es) into `.gitsecret/paths/mapping.cfg`. +`git-secret-add` adds a filepath(s) into `.gitsecret/paths/mapping.cfg`. + When adding files to encrypt, ensure that they are ignored by `git` by mentioning them in .gitignore, since they must be secure and not be committed into the remote repository unencrypted. @@ -16,6 +17,8 @@ If there's no users in the `git-secret`'s keyring, when adding a file, an except Use the `git secret add` command to add filenames to this file. It is not recommended to add filenames directly into `.gitsecret/paths/mapping.cfg`. +(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret +folder using the SECRETS_DIR environment variable. ## OPTIONS diff --git a/man/man1/git-secret-cat.1 b/man/man1/git-secret-cat.1 index 690cb0c5..75da68ee 100644 --- a/man/man1/git-secret-cat.1 +++ b/man/man1/git-secret-cat.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CAT" "1" "June 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-CAT" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-cat\fR \- decrypts files passed on command line to stdout diff --git a/man/man1/git-secret-changes.1 b/man/man1/git-secret-changes.1 index fcdd05c6..a0e4ad1f 100644 --- a/man/man1/git-secret-changes.1 +++ b/man/man1/git-secret-changes.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CHANGES" "1" "July 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-CHANGES" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-changes\fR \- view diff of the hidden files\. diff --git a/man/man1/git-secret-clean.1 b/man/man1/git-secret-clean.1 index 34ddccc1..77a47dcf 100644 --- a/man/man1/git-secret-clean.1 +++ b/man/man1/git-secret-clean.1 
@@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-CLEAN" "1" "June 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-CLEAN" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-clean\fR \- removes all the hidden files\. diff --git a/man/man1/git-secret-hide.1 b/man/man1/git-secret-hide.1 index 0156ece6..08d9aa44 100644 --- a/man/man1/git-secret-hide.1 +++ b/man/man1/git-secret-hide.1 @@ -20,6 +20,9 @@ git secret hide [\-c] [\-P] [\-v] [\-d] [\-m] .P It is possible to modify the names of the encrypted files by setting \fBSECRETS_EXTENSION\fR variable\. . +.P +(See git\-secret(7) \fIhttp://git\-secret\.io/git\-secret\fR for information about renaming the \.gitsecret folder using the SECRETS_DIR environment variable\. +. .SH "OPTIONS" . .nf diff --git a/man/man1/git-secret-hide.1.ronn b/man/man1/git-secret-hide.1.ronn index aa7c63b1..2eab9bea 100644 --- a/man/man1/git-secret-hide.1.ronn +++ b/man/man1/git-secret-hide.1.ronn @@ -14,6 +14,9 @@ Now anyone enabled via 'git secret tell' can can decrypt these files. Under the It is possible to modify the names of the encrypted files by setting `SECRETS_EXTENSION` variable. +(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret +folder using the SECRETS_DIR environment variable. + ## OPTIONS diff --git a/man/man1/git-secret-init.1 b/man/man1/git-secret-init.1 index 0a9f1358..758e4a50 100644 --- a/man/man1/git-secret-init.1 +++ b/man/man1/git-secret-init.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-INIT" "1" "June 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-INIT" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-init\fR \- initializes git\-secret repository\. 
@@ -17,6 +17,9 @@ git secret init .SH "DESCRIPTION" \fBgit\-secret\-init\fR should be run inside a \fBgit\fR repo to set up the \.gitsecret directory and initialize the repo for git\-secret\. Until repository is initialized with \fBgit secret init\fR, all other \fBgit\-secret\fR commands are unavailable\. . +.P +(See git\-secret(7) \fIhttp://git\-secret\.io/git\-secret\fR for information about renaming the \.gitsecret folder using the SECRETS_DIR environment variable\. +. .SH "OPTIONS" . .nf diff --git a/man/man1/git-secret-init.1.ronn b/man/man1/git-secret-init.1.ronn index 28c4cb56..220ac14d 100644 --- a/man/man1/git-secret-init.1.ronn +++ b/man/man1/git-secret-init.1.ronn @@ -10,6 +10,9 @@ git-secret-init - initializes git-secret repository. `git-secret-init` should be run inside a `git` repo to set up the .gitsecret directory and initialize the repo for git-secret. Until repository is initialized with `git secret init`, all other `git-secret` commands are unavailable. +(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret +folder using the SECRETS_DIR environment variable. + ## OPTIONS diff --git a/man/man1/git-secret-killperson.1 b/man/man1/git-secret-killperson.1 index 30a68b2f..597047a9 100644 --- a/man/man1/git-secret-killperson.1 +++ b/man/man1/git-secret-killperson.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-KILLPERSON" "1" "June 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-KILLPERSON" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-killperson\fR \- deletes key identified by an email from the inner keyring\. diff --git a/man/man1/git-secret-list.1 b/man/man1/git-secret-list.1 index db6b8df3..c3ff9fc0 100644 --- a/man/man1/git-secret-list.1 +++ b/man/man1/git-secret-list.1 
@@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-LIST" "1" "June 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-LIST" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-list\fR \- prints all the added files\. @@ -17,6 +17,9 @@ git secret list .SH "DESCRIPTION" \fBgit\-secret\-list\fR prints all the currently added tracked files from the \fB\.gitsecret/paths/mapping\.cfg\fR\. . +.P +(See git\-secret(7) \fIhttp://git\-secret\.io/git\-secret\fR for information about renaming the \.gitsecret folder using the SECRETS_DIR environment variable\. +. .SH "OPTIONS" . .nf diff --git a/man/man1/git-secret-list.1.ronn b/man/man1/git-secret-list.1.ronn index 92ca6674..10750b63 100644 --- a/man/man1/git-secret-list.1.ronn +++ b/man/man1/git-secret-list.1.ronn @@ -9,6 +9,9 @@ git-secret-list - prints all the added files. ## DESCRIPTION `git-secret-list` prints all the currently added tracked files from the `.gitsecret/paths/mapping.cfg`. +(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret +folder using the SECRETS_DIR environment variable. + ## OPTIONS diff --git a/man/man1/git-secret-remove.1 b/man/man1/git-secret-remove.1 index 03f14faa..7d2e9e42 100644 --- a/man/man1/git-secret-remove.1 +++ b/man/man1/git-secret-remove.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET\-REMOVE" "1" "June 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET\-REMOVE" "1" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\-remove\fR \- removes files from index\. 
@@ -17,6 +17,9 @@ git secret remove [\-c] \.\.\. .SH "DESCRIPTION" \fBgit\-secret\-remove\fR deletes files from \fB\.gitsecret/paths/mapping\.cfg\fR, so they won\'t be encrypted or decrypted in the future\. There\'s also a \-c option to delete existing encrypted versions of the files provided\. . +.P +(See git\-secret(7) \fIhttp://git\-secret\.io/git\-secret\fR for information about renaming the \.gitsecret folder using the SECRETS_DIR environment variable\. +. .SH "OPTIONS" . .nf diff --git a/man/man1/git-secret-remove.1.ronn b/man/man1/git-secret-remove.1.ronn index 496eba42..6b28c7fb 100644 --- a/man/man1/git-secret-remove.1.ronn +++ b/man/man1/git-secret-remove.1.ronn @@ -11,6 +11,9 @@ git-secret-remove - removes files from index. so they won't be encrypted or decrypted in the future. There's also a -c option to delete existing encrypted versions of the files provided. +(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret +folder using the SECRETS_DIR environment variable. + ## OPTIONS diff --git a/man/man1/git-secret-reveal.1 b/man/man1/git-secret-reveal.1 index 4e60ac59..07a1a015 100644 --- a/man/man1/git-secret-reveal.1 +++ b/man/man1/git-secret-reveal.1 @@ -17,6 +17,9 @@ git secret reveal [\-f] [\-P] [\-d dir] [\-p password] .SH "DESCRIPTION" \fBgit\-secret\-reveal\fR \- decrypts all the files in \fB\.gitsecret/paths/mapping\.cfg\fR\. You will need to have imported the paired secret\-key with one of the public\-keys which were used in the encryption\. Under the hood, this uses the \fBgpg \-\-decrypt\fR command\. . +.P +(See git\-secret(7) \fIhttp://git\-secret\.io/git\-secret\fR for information about renaming the \.gitsecret folder using the SECRETS_DIR environment variable\. +. .SH "OPTIONS" . .nf diff --git a/man/man1/git-secret-reveal.1.ronn b/man/man1/git-secret-reveal.1.ronn index e4b37a98..81e08ac9 100644 --- a/man/man1/git-secret-reveal.1.ronn +++ b/man/man1/git-secret-reveal.1.ronn 
@@ -12,6 +12,9 @@ You will need to have imported the paired secret-key with one of the public-keys which were used in the encryption. Under the hood, this uses the `gpg --decrypt` command. +(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret +folder using the SECRETS_DIR environment variable. + ## OPTIONS diff --git a/man/man7/git-secret.7 b/man/man7/git-secret.7 index 7ce54893..81bc07b2 100644 --- a/man/man7/git-secret.7 +++ b/man/man7/git-secret.7 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "GIT\-SECRET" "7" "July 2018" "sobolevn" "git-secret" +.TH "GIT\-SECRET" "7" "August 2018" "sobolevn" "git-secret" . .SH "NAME" \fBgit\-secret\fR 
@@ -66,16 +66,22 @@ The settings available to be changed are: .IP "\(bu" 4 \fB$SECRETS_EXTENSION\fR \- sets the secret files extension, defaults to \fB\.secret\fR\. It can be changed to any valid file extension\. . +.IP "\(bu" 4 +\fB$SECRETS_DIR\fR \- sets the directory where git\-secret stores its files, defaults to \.gitsecret\. It can be changed to any valid directory name\. +. .IP "" 0 . -.SH "The \.gitsecret folder" +.SH "The \.gitsecret folder (can be overridden with SECRETS_DIR)" This folder contains information about the files encrypted by git\-secret, and about which public/private key sets can access the encrypted data\. . .P +You can change the name of this directory using the SECRETS_DIR environment variable\. +. +.P Use the various \'git secret\' commands to manipulate the files in \fB\.gitsecret\fR, you should not change the data in these files directly\. . .P -Exactly which files exist in the \.gitsecret folder and what their contents are vary slightly across different versions of gpg\. Thus it is best to use git\-secret with the same version of gpg being used by all users\. This can be forced using SECRETS_GPG_COMMAND environment variable\. +Exactly which files exist in the \fB\.gitsecret\fR folder and what their contents are vary slightly across different versions of gpg\. Thus it is best to use git\-secret with the same version of gpg being used by all users\. This can be forced using SECRETS_GPG_COMMAND environment variable\. . .P Specifically, there is an issue between gpg version 2\.1\.20 and later versions which can cause problems reading and writing keyring files between systems (this shows up in errors like \'gpg: skipped packet of type 12 in keybox\')\. 
@@ -97,3 +103,6 @@ Generally speaking, all the files in this directory \fIexcept\fR \fBrandom_seed\ . .br By default, \fBgit secret init\fR will add the file \fB\.gitsecret/keys/random_seed\fR to your \.gitignore file\. +. +.P +Again, you can change the name of this directory using the SECRETS_DIR environment variable\. diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index 89b50494..17c99765 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn @@ -58,15 +58,20 @@ After doing so rerun the tests to be sure that it won't break anything. Tested t * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension. -## The `.gitsecret` folder +* `$SECRETS_DIR` - sets the directory where git-secret stores its files, defaults to .gitsecret. +It can be changed to any valid directory name. + +## The `.gitsecret` folder (can be overridden with SECRETS_DIR) This folder contains information about the files encrypted by git-secret, and about which public/private key sets can access the encrypted data. +You can change the name of this directory using the SECRETS_DIR environment variable. + Use the various 'git secret' commands to manipulate the files in `.gitsecret`, you should not change the data in these files directly. -Exactly which files exist in the .gitsecret folder and what their contents are +Exactly which files exist in the `.gitsecret` folder and what their contents are vary slightly across different versions of gpg. Thus it is best to use git-secret with the same version of gpg being used by all users. This can be forced using SECRETS_GPG_COMMAND environment variable. 
@@ -90,3 +95,5 @@ This directory contains data used by git-secret and PGP to allow and maintain th Generally speaking, all the files in this directory *except* `random_seed` should be checked into your repo. By default, `git secret init` will add the file `.gitsecret/keys/random_seed` to your .gitignore file. + +Again, you can change the name of this directory using the SECRETS_DIR environment variable. diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index b567a52e..c397a3cb 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -1,7 +1,9 @@ #!/usr/bin/env bash # Folders: -_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"} +_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"} +# if SECRETS_DIR env var is set, use that instead of .gitsecret +# for full path to secrets dir, use _get_secrets_dir() from _git_secret_tools.sh _SECRETS_DIR_KEYS="${_SECRETS_DIR}/keys" _SECRETS_DIR_PATHS="${_SECRETS_DIR}/paths" @@ -368,7 +370,7 @@ function _is_tracked_in_git { function _get_git_root_path { # We need this function to get the location of the `.git` folder, - # since `.gitsecret` must be on the same level. + # since `.gitsecret` (or value set by SECRETS_DIR env var) must be on the same level. local result result=$(git rev-parse --show-toplevel) diff --git a/src/main.sh b/src/main.sh index 8a8ce59f..fd49647a 100755 --- a/src/main.sh +++ b/src/main.sh @@ -10,7 +10,7 @@ function _check_setup { _abort "not in dir with git repo. Use 'git init' or 'git clone', then in repo use 'git secret init'" fi - # Checking if the '.gitsecret' is not ignored: + # Checking if the '.gitsecret' dir (or as set by SECRETS_DIR) is not ignored: _secrets_dir_is_not_ignored # Checking gpg setup: diff --git a/tests/test_changes.bats b/tests/test_changes.bats index 92cd52ab..eee8ef9e 100644 --- a/tests/test_changes.bats +++ b/tests/test_changes.bats 
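Review bot: `_SECRETS_DIR` in src/_utils/_git_secret_tools.sh takes `SECRETS_DIR` from the environment with no validation, and this hunk builds `_SECRETS_DIR_KEYS` and `_SECRETS_DIR_PATHS` directly from it. That directory holds the keyring that decides who can decrypt, so an absolute path or a value containing `..` would presumably move it outside the repository root; the code that joins it to the git root is outside the hunk, so this needs confirming. Consider rejecting such values right after the assignment, for example `case "$_SECRETS_DIR" in /*|*..*) echo 'git-secret: SECRETS_DIR must be a relative directory name' >&2; exit 1 ;; esac`. The added comment would also read better above the assignment it describes, and its pointer to `_get_secrets_dir()` "from _git_secret_tools.sh" names the file it already sits in.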
@@ -96,8 +96,13 @@ function teardown { run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" [ "$status" -eq 0 ] + #echo "# output is '$output'" >&3 + #echo "# " >&3 + # Testing that output has both filename and changes: local fullpath=$(_append_root_path "$FILE_TO_HIDE") + #echo "# fullpath is $fullpath" >&3 + [[ "$output" == *"changes in $fullpath"* ]] [[ "$output" == *"+$new_content"* ]] diff --git a/tests/test_init.bats b/tests/test_init.bats index 79d3fad5..7691a650 100644 --- a/tests/test_init.bats +++ b/tests/test_init.bats @@ -14,6 +14,12 @@ function teardown { } +@test "secrets dir env var set as expected" { + _TEST_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"} + [ "${_TEST_SECRETS_DIR}" = "${_SECRETS_DIR}" ] +} + + @test "run 'init' without '.git'" { remove_git_repository diff --git a/tests/test_usage.bats b/tests/test_usage.bats index 309e8d96..f5aa28bb 100644 --- a/tests/test_usage.bats +++ b/tests/test_usage.bats @@ -28,9 +28,15 @@ function teardown { } -@test "run 'usage' with ignored '.gitsecret/'" { - echo ".gitsecret" >> ".gitignore" +#_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"} +@test "run 'usage' with ignored '${_SECRETS_DIR}'" { + echo "${_SECRETS_DIR}" >> ".gitignore" + + echo "# clear-line-output" >&3 + echo "# SECRETS_DIR is ${_SECRETS_DIR}" >&3 run git secret usage + echo "# git secret usage -> status $status" >&3 + [ "$status" -eq 1 ] } diff --git a/utils/tests.sh b/utils/tests.sh index bbb18eb5..345ceeed 100755 --- a/utils/tests.sh +++ b/utils/tests.sh @@ -7,6 +7,8 @@ set -e # Running all the bats-tests in a dir with spaces: cd "${SECRET_PROJECT_ROOT}"; rm -rf 'tempdir with spaces'; mkdir 'tempdir with spaces'; cd 'tempdir with spaces'; +export SECRETS_DIR=.gitsecret-testdir + # bats expects diagnostic lines to be sent to fd 3, matching reges '^ #' (IE, like: `echo '# message here' >&3`) # bats ... 3>&1 shows diagnostic output when errors occur. bats "${SECRET_PROJECT_ROOT}/tests/" 3>&1
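Review bot: The lines added to tests/test_changes.bats are all commented-out debug output (`#echo "# output is '$output'" >&3`, `#echo "# fullpath is $fullpath" >&3`) and should be dropped rather than committed as dead code. If re-enabled, the first one would also copy the decrypted diff into the test log; that is only fixture data here, but it is a habit to avoid. The tests/test_usage.bats hunk has the same problem: it adds the commented-out `#_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}` line and three live `echo ... >&3` diagnostics that print on every run. The surrounding test body starts outside this hunk.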
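Review bot: The new test `secrets dir env var set as expected` in tests/test_init.bats recomputes `${SECRETS_DIR:-".gitsecret"}` and compares it with `_SECRETS_DIR`, which is the same expression the tool uses. It therefore cannot fail if the tool ignores the override when it actually creates files. A stronger check would assert on disk state after `git secret init`, for example `[ -d "${_SECRETS_DIR}" ]`, and `[ ! -d ".gitsecret" ]` when the override is set. Other tests in this file may already cover that, but they are outside the hunk. `_TEST_SECRETS_DIR` could also be declared `local`.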
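Review bot: Because utils/tests.sh now runs `export SECRETS_DIR=.gitsecret-testdir` before the only `bats` invocation, the suite no longer exercises the default `.gitsecret` location that most users rely on. A regression in the unset case would go unnoticed. Consider running the suite twice, once with the variable unset and once with the override: `bats "${SECRET_PROJECT_ROOT}/tests/" 3>&1` followed by `SECRETS_DIR=.gitsecret-testdir bats "${SECRET_PROJECT_ROOT}/tests/" 3>&1`. A comment above the export saying why a non-default name is used would help the next reader.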