* Rename the "killperson" command to "removeperson"
"killperson" is unnecessarily hostile so change the command name to
"removeperson".
Fixes#684.
* Re-generate man pages
* Update contribution guide
There's no longer any pre-commit hooks so don't mention them.
* Add alias from `killperson` pointing at `removeperson`
* Update git_secret_removeperson.sh
Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
@ -78,28 +78,24 @@ lean heavily on git and widely-used Unix command features instead of re-implemen
### Development Process
### Development Process
1. Firstly, you should setup git-secret's development git hooks with `make install-hooks`
1. Make changes to the git secret files that need to be changed
This will copy the hooks from utils/hooks into .git/hooks/pre-commit and .git/hooks/post-commit
2. Make changes to the git secret files that need to be changed
2. When making changes to any files inside `src/`, for changes to take effect you will need to rebuild the `git-secret` script with `make clean && make build`
3. When making changes to any files inside `src/`, for changes to take effect you will need to rebuild the `git-secret` script with `make clean && make build`
3. Run `shellcheck` against all your changes with `make lint`.
4. Run `shellcheck` against all your changes with `make lint`.
You should also check your changes for spelling errors using 'aspell -c filename'.
You should also check your changes for spelling errors using 'aspell -c filename'.
5. Add an entry to CHANGELOG.md, referring to the related issue # if appropriate
4. Add an entry to CHANGELOG.md, referring to the related issue # if appropriate
6. Change the `man` source file(s) (we write them in markdown) in `man/man1` and `man/man7` to document your changes if appropriate
5. Change the `man` source file(s) (we write them in markdown) in `man/man1` and `man/man7` to document your changes if appropriate
7. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`.
6. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`.
Write a good commit message which explains your work
Write a good commit message which explains your work
8. When running `git commit` the tests will run automatically, your commit will be canceled if they fail.
7. When running `git commit` the tests will run automatically, your commit will be canceled if they fail.
You can run the tests manually with `make clean build test`.
You can run the tests manually with `make clean build test`.
If you want to make a commit and not run the pre- and post-commit hooks, use 'git commit -n'
9. Push to your repository, and make a pull-request against `master` branch. It's ideal to have one commit per pull-request,
8. Push to your repository, and make a pull-request against `master` branch. It's ideal to have one commit per pull-request,
but don't worry, it's easy to `squash` PRs into a small number of commits when they're merged.
but don't worry, it's easy to `squash` PRs into a small number of commits when they're merged.
\fBgit\-secret\-killperson\fR\- deletes key identified by an email from the inner keyring\.
\fBgit\-secret\-removeperson\fR\- deletes key identified by an email from the inner keyring\.
.
.
.SH"SYNOPSIS"
.SH"SYNOPSIS"
.
.
.nf
.nf
git secret killperson <emails>\.\.\.
git secret removeperson <emails>\.\.\.
.
.
.fi
.fi
.
.
.SH"DESCRIPTION"
.SH"DESCRIPTION"
This command removes the keys associated with the selected email addresses from the keyring\. If you remove a keypair\'s access with \fBgit\-secret\-killperson\fR, and run \fBgit\-secret\-reveal\fR and \fBgit\-secret\-hide \-r\fR, it will be impossible for given users to decrypt the hidden files\.
This command removes the keys associated with the selected email addresses from the keyring\. If you remove a keypair\'s access with \fBgit\-secret\-removeperson\fR, and run \fBgit\-secret\-reveal\fR and \fBgit\-secret\-hide \-r\fR, it will be impossible for given users to decrypt the hidden files\.
.
.
.SH"OPTIONS"
.SH"OPTIONS"
.
.
@ -26,7 +26,7 @@ This command removes the keys associated with the selected email addresses from
.fi
.fi
.
.
.SH"MANUAL"
.SH"MANUAL"
Run \fBman git\-secret\-killperson\fR to see this note\.
Run \fBman git\-secret\-removeperson\fR to see this note\.
\fBgit\-secret\fR\- bash tool to store private data inside a git repo\.
\fBgit\-secret\fR\- bash tool to store private data inside a git repo\.
@ -13,7 +13,7 @@ These steps cover the basic process of using \fBgit\-secret\fR:
Before starting, \fImake sure you have created a \fBgpg\fR RSA key\-pair\fR: a public and a secret key identified by your email address\.
Before starting, \fImake sure you have created a \fBgpg\fR RSA key\-pair\fR: a public and a secret key identified by your email address\.
.
.
.IP"2."4
.IP"2."4
Begin with an existing or new git repository\. You\'ll use the \'gitsecret\' commands to add the keyrings and information to make \fBgit\-secret\fR hide and reveal files in this repository\.
Begin with an existing or new git repository\. You\'ll use the \'git\-secret\' commands to add the keyrings and information to make \fBgit\-secret\fR hide and reveal files in this repository\.
.
.
.IP"3."4
.IP"3."4
Initialize the \fBgit\-secret\fR repository by running \fBgit secret init\fR command\. The \fB\.gitsecret/\fR folder will be created\.\fBNote\fR all the contents of the \fB\.gitsecret/\fR folder should be checked in, \fB/except/\fR the \fBrandom_seed\fR file\. In other words, of all the files in \fB\.gitsecret/\fR, only the \fBrandom_seed\fR file should be mentioned in your \fB\.gitignore\fR file\. By default, \fBgit secret init\fR will add the file \fB\.gitsecret/keys/random_seed\fR to your \fB\.gitignore\fR file\.
Initialize the \fBgit\-secret\fR repository by running \fBgit secret init\fR command\. The \fB\.gitsecret/\fR folder will be created\.\fBNote\fR all the contents of the \fB\.gitsecret/\fR folder should be checked in, \fB/except/\fR the \fBrandom_seed\fR file\. In other words, of all the files in \fB\.gitsecret/\fR, only the \fBrandom_seed\fR file should be mentioned in your \fB\.gitignore\fR file\. By default, \fBgit secret init\fR will add the file \fB\.gitsecret/keys/random_seed\fR to your \fB\.gitignore\fR file\.
@ -106,7 +106,7 @@ One way of doing it is the following:
\fIcreate a gpg key\fR for your CI/CD environment\. You can chose any name and email address you want: for instance \fBMyApp CodeShip <myapp@codeship\.com>\fR if your app is called MyApp and your CI/CD provider is CodeShip\. It is easier not to define a password for that key\.
\fIcreate a gpg key\fR for your CI/CD environment\. You can chose any name and email address you want: for instance \fBMyApp CodeShip <myapp@codeship\.com>\fR if your app is called MyApp and your CI/CD provider is CodeShip\. It is easier not to define a password for that key\.
.
.
.IP"2."4
.IP"2."4
run \fBgpg \-\-export\-secret\-key myapp@codeship\.com\-\-armor\fR to get your private key value
run \fBgpg \-\-armor \-\-export\-secret\-key myapp@codeship\.com\fR to get your private key value
.
.
.IP"3."4
.IP"3."4
Create an env var on your CI/CD server \fBGPG_PRIVATE_KEY\fR and assign it the private key value\.
Create an env var on your CI/CD server \fBGPG_PRIVATE_KEY\fR and assign it the private key value\.
@ -142,7 +142,7 @@ Note: your CI/CD might not allow you to create a multiline value\. In that case,
@ -191,7 +191,7 @@ This folder contains information about the files encrypted by git\-secret, and a
You can change the name of this directory using the SECRETS_DIR environment variable\.
You can change the name of this directory using the SECRETS_DIR environment variable\.
.
.
.P
.P
Use the various \'gitsecret\' commands to manipulate the files in \fB\.gitsecret\fR, you should not change the data in these files directly\.
Use the various \'git\-secret\' commands to manipulate the files in \fB\.gitsecret\fR, you should not change the data in these files directly\.
.
.
.P
.P
Exactly which files exist in the \fB\.gitsecret\fR folder and what their contents are vary slightly across different versions of gpg\. Thus it is best to use git\-secret with the same version of gpg being used by all users\. This can be forced using SECRETS_GPG_COMMAND environment variable\.
Exactly which files exist in the \fB\.gitsecret\fR folder and what their contents are vary slightly across different versions of gpg\. Thus it is best to use git\-secret with the same version of gpg being used by all users\. This can be forced using SECRETS_GPG_COMMAND environment variable\.
_abort "at least one email is required for killperson."
_abort "at least one email is required for removeperson."
fi
fi
# Getting the local git-secret `gpg` key directory:
# Getting the local git-secret `gpg` key directory:
local secrets_dir_keys
local secrets_dir_keys
@ -43,3 +43,9 @@ function killperson {
_message "now [$*] do not have an access to the repository."
_message "now [$*] do not have an access to the repository."
_message 'make sure to hide the existing secrets again.'
_message 'make sure to hide the existing secrets again.'
}
}
function killperson {
echo'Warning: `killperson` has been renamed to `removeperson`. This alias will be removed in the future versions, please switch to call `removeperson` going forward.'