Merge pull request #251 from joshrabinowitz/secrets-dir-docs-tests-250

Secrets dir docs and tests for #250

man/man1/git-secret-add.1.ronn

@@ -7,7 +7,8 @@ git-secret-add - starts to track added files.
 
 
 ## DESCRIPTION
-`git-secret-add` adds a filepath(es) into `.gitsecret/paths/mapping.cfg`. 
+`git-secret-add` adds a filepath(s) into `.gitsecret/paths/mapping.cfg`. 
+
 When adding files to encrypt, ensure that they are ignored by `git` by mentioning 
 them in .gitignore, since they must be secure and not be committed into the remote repository unencrypted.
 
@@ -16,6 +17,8 @@ If there's no users in the `git-secret`'s keyring, when adding a file, an except
 Use the `git secret add` command to add filenames to this file.  
 It is not recommended to add filenames directly into `.gitsecret/paths/mapping.cfg`.
 
+(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
+folder using the SECRETS_DIR environment variable.
 
 ## OPTIONS
 

man/man1/git-secret-hide.1.ronn

@@ -14,6 +14,9 @@ Now anyone enabled via 'git secret tell' can can decrypt these files. Under the
 
 It is possible to modify the names of the encrypted files by setting `SECRETS_EXTENSION` variable.
 
+(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
+folder using the SECRETS_DIR environment variable.
+
 
 ## OPTIONS
 

man/man1/git-secret-init.1.ronn

@@ -10,6 +10,9 @@ git-secret-init - initializes git-secret repository.
 `git-secret-init` should be run inside a `git` repo to set up the .gitsecret directory and initialize the repo for git-secret.
 Until repository is initialized with `git secret init`, all other `git-secret` commands are unavailable.
 
+(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
+folder using the SECRETS_DIR environment variable.
+
 
 ## OPTIONS
 

man/man1/git-secret-list.1.ronn

@@ -9,6 +9,9 @@ git-secret-list - prints all the added files.
 ## DESCRIPTION
 `git-secret-list` prints all the currently added tracked files from the `.gitsecret/paths/mapping.cfg`.
 
+(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
+folder using the SECRETS_DIR environment variable.
+
 
 ## OPTIONS
 

man/man1/git-secret-remove.1.ronn

@@ -11,6 +11,9 @@ git-secret-remove - removes files from index.
 so they won't be encrypted or decrypted in the future. 
 There's also a -c option to delete existing encrypted versions of the files provided.
 
+(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
+folder using the SECRETS_DIR environment variable.
+
 
 ## OPTIONS
 

man/man1/git-secret-reveal.1.ronn

@@ -12,6 +12,9 @@ You will need to have imported the paired secret-key with one of the
 public-keys which were used in the encryption.
 Under the hood, this uses the `gpg --decrypt` command. 
 
+(See [git-secret(7)](http://git-secret.io/git-secret) for information about renaming the .gitsecret
+folder using the SECRETS_DIR environment variable.
+
 
 ## OPTIONS
 

man/man7/git-secret.7.ronn

@@ -58,15 +58,20 @@ After doing so rerun the tests to be sure that it won't break anything. Tested t
 
 * `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension.
 
-## The `.gitsecret` folder
+* `$SECRETS_DIR` - sets the directory where git-secret stores its files, defaults to .gitsecret. 
+It can be changed to any valid directory name.
+
+## The `.gitsecret` folder (can be overridden with SECRETS_DIR)
 
 This folder contains information about the files encrypted by git-secret, 
 and about which public/private key sets can access the encrypted data. 
 
+You can change the name of this directory using the SECRETS_DIR environment variable.
+
 Use the various 'git secret' commands to manipulate the files in `.gitsecret`, 
 you should not change the data in these files directly.
 
-Exactly which files exist in the .gitsecret folder and what their contents are
+Exactly which files exist in the `.gitsecret` folder and what their contents are
 vary slightly across different versions of gpg. Thus it is best to use
 git-secret with the same version of gpg being used by all users. 
 This can be forced using SECRETS_GPG_COMMAND environment variable.
@@ -90,3 +95,5 @@ This directory contains data used by git-secret and PGP to allow and maintain th
 
 Generally speaking, all the files in this directory *except* `random_seed` should be checked into your repo.  
 By default, `git secret init` will add the file `.gitsecret/keys/random_seed` to your .gitignore file.
+
+Again, you can change the name of this directory using the SECRETS_DIR environment variable.

src/_utils/_git_secret_tools.sh

@@ -1,7 +1,9 @@
 #!/usr/bin/env bash
 
 # Folders:
-_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}
+_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}   
+# if SECRETS_DIR env var is set, use that instead of .gitsecret
+# for full path to secrets dir, use _get_secrets_dir() from _git_secret_tools.sh
 _SECRETS_DIR_KEYS="${_SECRETS_DIR}/keys"
 _SECRETS_DIR_PATHS="${_SECRETS_DIR}/paths"
 
@@ -368,7 +370,7 @@ function _is_tracked_in_git {
 
 function _get_git_root_path {
   # We need this function to get the location of the `.git` folder,
-  # since `.gitsecret` must be on the same level.
+  # since `.gitsecret` (or value set by SECRETS_DIR env var) must be on the same level.
 
   local result
   result=$(git rev-parse --show-toplevel)

src/main.sh

@@ -10,7 +10,7 @@ function _check_setup {
     _abort "not in dir with git repo. Use 'git init' or 'git clone', then in repo use 'git secret init'"
   fi
 
-  # Checking if the '.gitsecret' is not ignored:
+  # Checking if the '.gitsecret' dir (or as set by SECRETS_DIR) is not ignored:
   _secrets_dir_is_not_ignored
 
   # Checking gpg setup:

tests/test_changes.bats

@@ -96,8 +96,13 @@ function teardown {
   run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password"
   [ "$status" -eq 0 ]
 
+  #echo "# output is '$output'" >&3
+  #echo "# " >&3
+
   # Testing that output has both filename and changes:
   local fullpath=$(_append_root_path "$FILE_TO_HIDE")
+  #echo "# fullpath is $fullpath" >&3
+
   [[ "$output" == *"changes in $fullpath"* ]]
   [[ "$output" == *"+$new_content"* ]]
 

tests/test_init.bats

@@ -14,6 +14,12 @@ function teardown {
 }
 
 
+@test "secrets dir env var set as expected" {
+  _TEST_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}   
+  [ "${_TEST_SECRETS_DIR}" = "${_SECRETS_DIR}" ]
+}
+
+
 @test "run 'init' without '.git'" {
   remove_git_repository
 

tests/test_usage.bats

@@ -28,9 +28,15 @@ function teardown {
 }
 
 
-@test "run 'usage' with ignored '.gitsecret/'" {
+#_SECRETS_DIR=${SECRETS_DIR:-".gitsecret"}   
-  echo ".gitsecret" >> ".gitignore"
+@test "run 'usage' with ignored '${_SECRETS_DIR}'" {
+  echo "${_SECRETS_DIR}" >> ".gitignore"
+  
+  echo "# clear-line-output" >&3
+  echo "# SECRETS_DIR is ${_SECRETS_DIR}" >&3
 
   run git secret usage
+  echo "# git secret usage -> status $status" >&3
+
   [ "$status" -eq 1 ]
 }

utils/tests.sh

@@ -7,6 +7,8 @@ set -e
 # Running all the bats-tests in a dir with spaces:
 cd "${SECRET_PROJECT_ROOT}"; rm -rf 'tempdir with spaces'; mkdir 'tempdir with spaces'; cd 'tempdir with spaces';
 
+export SECRETS_DIR=.gitsecret-testdir
+
 # bats expects diagnostic lines to be sent to fd 3, matching reges '^ #' (IE, like: `echo '# message here' >&3`)
 # bats ... 3>&1 shows diagnostic output when errors occur.
 bats "${SECRET_PROJECT_ROOT}/tests/" 3>&1