Archives/git-secret
2
1
Fork 0
mirror of https://github.com/sobolevn/git-secret synced 2024-10-31 21:20:29 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: Archives:master
Branches Tags
Archives:master
Archives:gh-pages
Archives:sobolevn-patch-5
Archives:verbose-test-output-2024
Archives:dependabot/docker/dot-ci/release-ci/ubuntu/ubuntu-24.04
Archives:dependabot/docker/dot-ci/docker-ci/ubuntu/ubuntu-24.04
Archives:dependabot/github_actions/actions/github-script-7
Archives:sobolevn-patch-4
Archives:test-apk-and-arch
Archives:issue-881-towards-new-release
Archives:issue-916-disable-arch-tests
Archives:issue-135-spaces-in-parent-dirs
Archives:issue-918-stat-on-osx
Archives:fix-arch-signature-issue
Archives:sobolevn-patch-3
Archives:sobolevn-patch-2
Archives:sobolevn-patch-1
Archives:gitignore-grep-improvement
Archives:update-changelog
Archives:update-bats-to-1.6.0
Archives:add-multiple-files-gitignore
Archives:automated-verbose-test
Archives:passphrase1
Archives:test-on-arch
Archives:renames1
Archives:revert_usage_error_change
Archives:alma-tests
Archives:issue-765-rocky-linux
Archives:issue-755-changelog-for-bats-update
Archives:issue-638-dup-emails-test
Archives:issue-710-changelog
Archives:issue-752-add-directory
Archives:issue-710-cat-subdir-bug
Archives:v0.5.0
Archives:v0.4.0
Archives:v0.4.0.alpha1
Archives:v0.3.3
Archives:v0.3.2
Archives:v0.3.1
Archives:v0.3.0
Archives:v0.2.6
Archives:v0.2.7-alpha
Archives:v0.2.7
Archives:v0.2.5
Archives:v0.2.4
Archives:v0.2.3
Archives:v0.2.2
Archives:v0.2.1
Archives:v0.2.0
Archives:v0.1.2
Archives:v0.1.1
Archives:v0.1.0
Archives:prerelease
..
compare: Archives:v0.2.2
Branches Tags
Archives:master
Archives:gh-pages
Archives:sobolevn-patch-5
Archives:verbose-test-output-2024
Archives:dependabot/docker/dot-ci/release-ci/ubuntu/ubuntu-24.04
Archives:dependabot/docker/dot-ci/docker-ci/ubuntu/ubuntu-24.04
Archives:dependabot/github_actions/actions/github-script-7
Archives:sobolevn-patch-4
Archives:test-apk-and-arch
Archives:issue-881-towards-new-release
Archives:issue-916-disable-arch-tests
Archives:issue-135-spaces-in-parent-dirs
Archives:issue-918-stat-on-osx
Archives:fix-arch-signature-issue
Archives:sobolevn-patch-3
Archives:sobolevn-patch-2
Archives:sobolevn-patch-1
Archives:gitignore-grep-improvement
Archives:update-changelog
Archives:update-bats-to-1.6.0
Archives:add-multiple-files-gitignore
Archives:automated-verbose-test
Archives:passphrase1
Archives:test-on-arch
Archives:renames1
Archives:revert_usage_error_change
Archives:alma-tests
Archives:issue-765-rocky-linux
Archives:issue-755-changelog-for-bats-update
Archives:issue-638-dup-emails-test
Archives:issue-710-changelog
Archives:issue-752-add-directory
Archives:issue-710-cat-subdir-bug
Archives:v0.5.0
Archives:v0.4.0
Archives:v0.4.0.alpha1
Archives:v0.3.3
Archives:v0.3.2
Archives:v0.3.1
Archives:v0.3.0
Archives:v0.2.6
Archives:v0.2.7-alpha
Archives:v0.2.7
Archives:v0.2.5
Archives:v0.2.4
Archives:v0.2.3
Archives:v0.2.2
Archives:v0.2.1
Archives:v0.2.0
Archives:v0.1.2
Archives:v0.1.1
Archives:v0.1.0
Archives:prerelease

No commits in common. "master" and "v0.2.2" have entirely different histories.
master ... v0.2.2

469 changed files with 1733 additions and 19602 deletions
Show Stats Expand all files Collapse all files

15
.ci/before_deploy.sh Normal file
View File

@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -e
if [[ "$GITSECRET_DIST" == "rpm" ]]; then
# To deploy `rpm`-packages this utility is needed:
sudo apt-get install -y rpm;
fi
if [[ ! -z "$DOCKER_DIST" ]]; then
# When making a non-container build, this step will generate
# proper manifest files:
make "deploy-${GITSECRET_DIST}";
fi

23
.ci/before_script.sh Normal file
View File

@ -0,0 +1,23 @@
#!/usr/bin/env bash
set -e
# Docker:
if [[ ! -z "$DOCKER_DIST" ]]; then
TEMPLATE="sobolevn/git-secret-docker-$DOCKER_DIST"
DOCKERFILE_PATH=".docker/${GITSECRET_DIST}/${DOCKER_DIST}"
# Building the local image:
docker build -t "$TEMPLATE" "$DOCKERFILE_PATH"
fi
# Mac:
if [[ "$GITSECRET_DIST" == "brew" ]]; then
brew install "$GITSECRET_GPG_DEP"
fi
# Local linux (standart build):
if [[ "$GITSECRET_DIST" == "none" ]] && [[ "$GITSECRET_GPG_DEP" == "gnupg2" ]]; then
# Installing custom GPG version:
sudo apt-get install -y gnupg2
fi

20
.ci/docker-ci/alma/Dockerfile
View File

@ -1,20 +0,0 @@
FROM almalinux:8
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Direct dependencies:
bash \
gawk \
git \
gnupg \
# Assumed to be present:
diffutils \
file \
findutils \
procps \
make \
&& dnf clean all \
&& rm -rf /var/cache/yum

17
.ci/docker-ci/alpine/Dockerfile
View File

@ -1,17 +0,0 @@
FROM alpine:3.20.3
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
# Don't install coreutils on Alpine,
# so we get busybox versions of ps, stat, and ls. See #475
RUN apk add --no-cache --update \
# Direct dependencies:
bash \
gawk \
git \
gnupg \
# Assumed to be present:
file \
make \
procps

17
.ci/docker-ci/arch/Dockerfile
View File

@ -1,17 +0,0 @@
FROM archlinux:base-20220529.0.58327
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN pacman -Syu --needed --noconfirm \
# Direct dependencies:
bash \
gawk \
git \
gnupg \
# Assumed to be present:
diffutils \
file \
make \
procps

21
.ci/docker-ci/debian-gnupg1/Dockerfile
View File

@ -1,21 +0,0 @@
FROM debian:12.7-slim
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND='noninteractive'
ENV SECRETS_GPG_COMMAND='gpg1'
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Direct dependencies:
gawk \
git \
gnupg1 \
# Assumed to be present:
file \
procps \
make \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*

20
.ci/docker-ci/debian-gnupg2/Dockerfile
View File

@ -1,20 +0,0 @@
FROM debian:12.7-slim
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND='noninteractive'
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Direct dependencies:
gawk \
git \
gnupg \
# Assumed to be present:
file \
procps \
make \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*

20
.ci/docker-ci/fedora/Dockerfile
View File

@ -1,20 +0,0 @@
FROM fedora:40
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Direct dependencies:
bash \
gawk \
git \
gnupg \
# Assumed to be present:
diffutils \
file \
findutils \
procps \
make \
&& dnf clean all \
&& rm -rf /var/cache/yum

20
.ci/docker-ci/rocky/Dockerfile
View File

@ -1,20 +0,0 @@
FROM rockylinux:8
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Direct dependencies:
bash \
gawk \
git \
gnupg \
# Assumed to be present:
diffutils \
file \
findutils \
procps \
make \
&& dnf clean all \
&& rm -rf /var/cache/yum

20
.ci/docker-ci/ubuntu/Dockerfile
View File

@ -1,20 +0,0 @@
FROM ubuntu:23.10
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND="noninteractive"
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Direct dependencies:
gawk \
git \
gnupg \
# Assumed to be present:
file \
procps \
make \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*

39
.ci/github_release_script.sh
View File

@ -1,39 +0,0 @@
#!/usr/bin/env sh
set -e
# Installing additional deps:
apk add --no-cache curl jq
# https://gist.github.com/Jaskaranbir/d5b065173b3a6f164e47a542472168c1
USER="$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f1)"
PROJECT="$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f2)"
LAST_RELEASE_TAG=$(curl \
--header "authorization: Bearer $GITHUB_TOKEN" \
--url "https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest" \
| jq .tag_name | sed 's/"//g'
)
echo "LAST_RELEASE_TAG=$LAST_RELEASE_TAG"
if [ "$LAST_RELEASE_TAG" = 'null' ]; then
# Most likely, we are facing rate-limiting problems,
# just try again later.
exit 1
fi
NEW_CHANGELOG='CHANGELOG-RELEASE.md'
# Generate new CHANGELOG.md with just the last changes
github_changelog_generator \
--user "$USER" \
--project "$PROJECT" \
--token "$GITHUB_OAUTH_TOKEN" \
--since-tag "$LAST_RELEASE_TAG" \
--max-issues 100 \
--no-issues \
--release-branch 'master' \
--token "$GITHUB_TOKEN" \
--output "$NEW_CHANGELOG"
echo 'Done! Changelog:'
cat "$NEW_CHANGELOG"

12
.ci/release-ci/alma/Dockerfile
View File

@ -1,12 +0,0 @@
FROM almalinux:8
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Required for our install script:
wget \
sudo \
&& dnf clean all \
&& rm -rf /var/cache/yum

9
.ci/release-ci/alpine/Dockerfile
View File

@ -1,9 +0,0 @@
FROM alpine:3.20.3
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN apk add --no-cache --update \
# Required for our install script:
bash \
wget

23
.ci/release-ci/debian/Dockerfile
View File

@ -1,23 +0,0 @@
FROM debian:12.7-slim
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND='noninteractive'
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Required to work with https-based repos and custom signed packages:
apt-transport-https \
ca-certificates \
# Required for our install script:
gnupg \
sudo \
wget \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
&& adduser --disabled-password nonroot \
&& adduser nonroot sudo \
&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

16
.ci/release-ci/fedora/Dockerfile
View File

@ -1,16 +0,0 @@
FROM fedora:40
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Required for our install script:
wget \
sudo \
&& dnf clean all \
&& rm -rf /var/cache/yum \
&& adduser --password='' -m nonroot \
&& echo 'nonroot ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot
WORKDIR /home/nonroot

12
.ci/release-ci/rocky/Dockerfile
View File

@ -1,12 +0,0 @@
FROM rockylinux:8
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
RUN dnf -y update \
&& dnf install -y \
# Required for our install script:
wget \
sudo \
&& dnf clean all \
&& rm -rf /var/cache/yum

23
.ci/release-ci/ubuntu/Dockerfile
View File

@ -1,23 +0,0 @@
FROM ubuntu:23.10
LABEL maintainer="mail@sobolevn.me"
LABEL vendor="git-secret team"
ENV DEBIAN_FRONTEND='noninteractive'
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
# Required to work with https-based repos and custom signed packages:
apt-transport-https \
ca-certificates \
# Required for our install script:
gnupg \
sudo \
wget \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* \
&& adduser --disabled-password nonroot \
&& adduser nonroot sudo \
&& echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER nonroot

40
.ci/releaser/alpine/Dockerfile
View File

@ -1,40 +0,0 @@
# Initially copied from
# https://github.com/jordansissel/fpm/blob/master/Dockerfile
FROM alpine:3.20.3
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ENV CODE_DIR='/code'
ENV SECRETS_PROJECT_ROOT="$CODE_DIR"
ENV NFPM_VERSION='2.15.1'
RUN apk add --no-cache --update \
# fpm deps:
ruby \
ruby-dev \
ruby-etc \
gcc \
libffi-dev \
make \
libc-dev \
rpm \
tar \
# Direct dependencies:
bash \
gawk \
git \
gnupg \
# Assumed to be present:
curl \
# envsubst for `nfpm`:
gettext \
# Installing `nfpm`, it builds alpine packages:
&& curl -sfL "https://github.com/goreleaser/nfpm/releases/download/v${NFPM_VERSION}/nfpm_${NFPM_VERSION}_Linux_x86_64.tar.gz" --output 'nfpm.tar.gz' \
&& tar -xf 'nfpm.tar.gz' nfpm \
&& mv nfpm '/usr/local/bin' \
&& chmod 755 '/usr/local/bin/nfpm' \
&& rm -rf 'nfpm.tar.gz' \
# Installing `fpm`, it builds all other packages:
&& gem install --no-document fpm
WORKDIR $CODE_DIR

28
.ci/script.sh Normal file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env bash
set -e
# Docker-baised builds:
if [[ ! -z "$DOCKER_DIST" ]]; then
TEMPLATE="sobolevn/git-secret-docker-$DOCKER_DIST"
# Passing the `TRAVIS_COMMIT` into the container:
COMMAND="if [ ! -z ${TRAVIS_COMMIT} ]; then git checkout ${TRAVIS_COMMIT}; fi; make test-${GITSECRET_DIST}-ci"
# This will run the full intergration check inside the `docker` container:
# see `test-deb-ci` and `test-rpm-ci` in `Makefile`
docker run "$TEMPLATE" /bin/bash -c "$COMMAND"
docker ps -a
fi
# Local builds:
if [[ "$GITSECRET_DIST" == "brew" ]] || [[ "$GITSECRET_DIST" == "none" ]]; then
# Only running `make test` on standard (non-docker) build,
# since it is called inside the docker container anyway.
make test
fi
if [[ ! -z "$(command -v shellcheck)" ]]; then
# This means, that `shellcheck` does exist, so run it:
echo 'running lint'
make lint
fi

23
.docker/deb/debian/Dockerfile Normal file
View File

@ -0,0 +1,23 @@
FROM debian:latest
MAINTAINER Nikita Sobolev (mail@sobolevn.me)
# Dependencies and project initialization:
RUN apt-get update && \
apt-get install -y man make git apt-transport-https && \
apt-get install -y ruby ruby-dev ruby-build && \
apt-get autoremove && apt-get autoclean && \
mkdir /code
# This will increase the container size, but speed up the build,
# since this part will change, while the dependencies won't:
WORKDIR /code
# Removing `origin` for good:
RUN git clone -q https://github.com/sobolevn/git-secret.git && \
cd git-secret && git remote rm origin
WORKDIR /code/git-secret

23
.docker/deb/ubuntu/Dockerfile Normal file
View File

@ -0,0 +1,23 @@
FROM ubuntu:latest
MAINTAINER Nikita Sobolev (mail@sobolevn.me)
# Dependencies and project initialization:
RUN apt-get update && \
apt-get install -y man make git apt-transport-https && \
apt-get install -y ruby ruby-dev ruby-build && \
apt-get autoremove && apt-get autoclean && \
mkdir /code
# This will increase the container size, but speed up the build,
# since this part will change, while the dependencies won't:
WORKDIR /code
# Removing `origin` for good:
RUN git clone -q https://github.com/sobolevn/git-secret.git && \
cd git-secret && git remote rm origin
WORKDIR /code/git-secret

22
.docker/make/debian/Dockerfile Normal file
View File

@ -0,0 +1,22 @@
FROM debian:latest
MAINTAINER Nikita Sobolev (mail@sobolevn.me)
# Dependencies and project initialization:
RUN apt-get update && \
apt-get install -y man make git apt-transport-https && \
apt-get autoremove && apt-get autoclean
# This will increase the container size, but speed up the build,
# since this part will change, while the dependencies won't:
RUN mkdir /code
WORKDIR /code
# Removing `origin` for good:
RUN git clone -q https://github.com/sobolevn/git-secret.git && \
cd git-secret && git remote rm origin
WORKDIR /code/git-secret

26
.docker/rpm/centos/Dockerfile Normal file
View File

@ -0,0 +1,26 @@
FROM centos:latest
MAINTAINER Nikita Sobolev (mail@sobolevn.me)
ENV HOME /root
RUN yum update -y && \
yum install -y epel-release && \
yum install -y dnf && \
dnf update -y && \
rpm -U "http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm" && \
dnf install -y gnupg man make gcc git tar > /dev/null && \
dnf install -y which pciutils redhat-rpm-config rpm-build zlib-devel && \
dnf -y group install 'Development tools' && \
dnf install -y ruby ruby-devel rubygems && \
dnf -y autoremove && \
mkdir /code
WORKDIR /code
# Removing `origin` for good:
RUN git clone -q https://github.com/sobolevn/git-secret.git && \
cd git-secret && git remote rm origin
WORKDIR /code/git-secret

22
.docker/rpm/fedora/Dockerfile Normal file
View File

@ -0,0 +1,22 @@
FROM fedora:latest
MAINTAINER Nikita Sobolev (mail@sobolevn.me)
ENV HOME /root
RUN dnf update -y && \
dnf install -y gnupg man make gcc git tar > /dev/null && \
dnf install -y which pciutils redhat-rpm-config rpm-build zlib-devel && \
dnf -y group install 'Development tools' && \
dnf install -y ruby ruby-devel rubygems && \
dnf -y autoremove && \
mkdir /code
WORKDIR /code
# Removing `origin` for good:
RUN git clone -q https://github.com/sobolevn/git-secret.git && \
cd git-secret && git remote rm origin
WORKDIR /code/git-secret

11
.editorconfig
View File

@ -8,6 +8,17 @@ indent_style = space
trim_trailing_whitespace = true
end_of_line = lf
insert_final_newline = true
[*.json]
indent_size = 2
[*.py]
indent_size = 4
[*.sh]
indent_size = 2
[*.bats]
indent_size = 2
[Makefile]

11
.gitattributes vendored
View File

@ -1,10 +1 @@
# Excluding from GitHub languages:
vendor/ linguist-vendored
# Excluding from GitHub diff:
*.1 linguist-generated
*.7 linguist-generated
# Excluding from `git diff`:
*.1 -diff
*.7 -diff
* text=auto

5
.github/FUNDING.yml vendored
View File

@ -1,5 +0,0 @@
# These are supported funding model platforms
github: wemake-services
open_collective: git-secret
custom: https://boosty.to/sobolevn

15
.github/ISSUE_TEMPLATE.md vendored
View File

@ -24,17 +24,8 @@ Any other comments?
What versions of software are you using?
----------------------------------------
**Operating system:** (`uname -a`)
**Operating system:** …
**`git-secret` path:** (`which git-secret`)
**`git-secret` version:**
**`git-secret` version:** (`git secret --version`) …
**`git` version:** (`git --version`) …
**Shell type and version:** (`$SHELL --version`) …
**`gpg` version:** (`gpg --version`) …
<!-- Love git-secret? Please consider supporting our collective:
👉 https://opencollective.com/git-secret/donate -->
**Shell type and version:** …

14
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,17 +1,9 @@
<!-- Thanks for sending a pull request!
Here's how it's done:
0. If you are planning a large feature, please, discuss it first in a separate issue.
See also [CONTRIBUTING.md](https://github.com/sobolevn/git-secret/blob/master/CONTRIBUTING.md) if you haven't already.
1. Make sure that you open your pull request against the `master` branch
2. Make sure that your code has the same style as the surrounding code and git-secret in general
3. Make sure your code passes using `shellcheck` with `make lint`
4. You can also spell check your code using 'aspell -c {filename}'
5. If you are adding or changing features, please add tests that cover the new behavior (in addition to the unchanged behavior if appropriate)
6. Make sure that all tests pass
7. Change the .md file(s) in man/man*/ to document your changes if appropriate
(regenerating man pages with 'make build-man' is optional)
8. Add an entry to CHANGELOG.md explaining the change briefly and, if appropriate, referring to the related issue #
1. Make sure that you open your pull-request to the `develop` branch (master branch is protected, since some plugins use it when installed)
2. Make sure that tests pass
3. Make sure that your code has the same style
Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below. -->

83
.github/dependabot.yml vendored
View File

@ -1,83 +0,0 @@
# GitHub-native dependabot setup, configuration:
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
version: 2
updates:
# Docs and GitHub Actions:
- package-ecosystem: bundler
directory: "/docs"
schedule:
interval: daily
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: daily
# Our CI and release docker images:
- package-ecosystem: docker
directory: ".ci/releaser/alpine"
schedule:
interval: weekly
# Release CI:
- package-ecosystem: docker
directory: ".ci/release-ci/alpine"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/release-ci/debian"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/release-ci/ubuntu"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/release-ci/centos"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/release-ci/fedora"
schedule:
interval: weekly
# Docker CI:
- package-ecosystem: docker
directory: ".ci/docker-ci/alpine"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/docker-ci/debian-gnupg1"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/docker-ci/debian-gnupg2"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/docker-ci/ubuntu"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/docker-ci/centos"
schedule:
interval: weekly
- package-ecosystem: docker
directory: ".ci/docker-ci/fedora"
schedule:
interval: weekly

25
.github/workflows/build-man.yml vendored
View File

@ -1,25 +0,0 @@
name: build-man
on:
push:
branches:
- master
paths:
- 'docs/**/*'
pull_request:
paths:
- 'docs/**/*'
workflow_dispatch:
concurrency:
group: ${{ github.head_ref || github.run_id }}-build-man
cancel-in-progress: true
jobs:
build-man:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Checks that manual generation works
run: make build-man

32
.github/workflows/github-pages.yml vendored
View File

@ -1,32 +0,0 @@
name: github-pages
on:
push:
branches:
- master
paths:
- 'man/**/*'
- 'docs/**/*'
- 'utils/*/install.sh'
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build docs
run: make build-docs
- name: Deploy to Pages
uses: JamesIves/github-pages-deploy-action@v4.6.8
with:
token: ${{ secrets.GITHUB_TOKEN }}
branch: gh-pages # The branch the action should deploy to.
folder: docs # The folder the action should deploy.
clean: true # Automatically remove deleted files from the deploy branch

91
.github/workflows/release-ci.yml vendored
View File

@ -1,91 +0,0 @@
name: release-ci
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
# In case we change the some build scripts:
push:
branches:
- master
paths:
- 'utils/**'
- '.ci/release-ci/**'
- 'Makefile'
- '.github/workflows/release-ci.yml'
pull_request:
paths:
- 'utils/**'
- '.ci/release-ci/**'
- 'Makefile'
- '.github/workflows/release-ci.yml'
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
existing:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- release-type: deb
release-env: debian
- release-type: deb
release-env: ubuntu
- release-type: rpm
release-env: fedora
- release-type: rpm
release-env: rocky
- release-type: rpm
release-env: alma
#- release-type: apk # temp removal of alpine releases for #881
# release-env: alpine # temp removal of alpine releases for #881
steps:
- uses: actions/checkout@v4
- name: Run checks
run: |
SECRETS_RELEASE_ENV="${{ matrix.release-env }}" \
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
make release-ci
# Keep in sync with `release.yml`:
dryrun:
runs-on: ubuntu-latest
strategy:
matrix:
release-type:
- apk
- deb
- rpm
steps:
- uses: actions/checkout@v4
- name: Run dry run of the release process
run: |
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
SECRETS_DEPLOY_DRY_RUN=1 \
SECRETS_ARTIFACTORY_CREDENTIALS='fake' \
make release
# https://github.community/t/run-github-actions-job-only-if-previous-job-has-failed/174786/2
create-issue-on-failure:
name: Create an issue if release-ci cron failed
runs-on: ubuntu-latest
needs: [existing, dryrun]
if: ${{ github.event_name == 'schedule' && github.repository == 'sobolevn/git-secret' && always() && (needs.existing.result == 'failure' || needs.dryrun.result == 'failure') }}
permissions:
issues: write
steps:
- uses: actions/github-script@v6
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
await github.rest.issues.create({
owner: "sobolevn",
repo: "git-secret",
title: `release-ci failure on ${new Date().toDateString()}`,
body: "Details: https://github.com/sobolevn/git-secret/actions/workflows/release-ci.yml",
})

45
.github/workflows/release.yml vendored
View File

@ -1,45 +0,0 @@
name: release
on:
push:
tags:
- 'v*'
workflow_dispatch:
concurrency:
group: ${{ github.head_ref || github.run_id }}
jobs:
release-packages:
environment:
name: artifactory
url: https://gitsecret.jfrog.io/artifactory
runs-on: ubuntu-latest
strategy:
matrix:
release-type:
- apk
# - deb
# - rpm
steps:
- uses: actions/checkout@v4
- name: Run checks
run: SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" make release
env:
SECRETS_ARTIFACTORY_CREDENTIALS: ${{ secrets.SECRETS_ARTIFACTORY_CREDENTIALS }}
# github-release:
# runs-on: ubuntu-latest
# needs: ['release-packages']
# steps:
# - uses: actions/checkout@v4
# - run: make changelog
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# - uses: softprops/action-gh-release@v1
# with:
# # Generated above by `make changelog`:
# body_path: CHANGELOG-RELEASE.md
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

89
.github/workflows/test.yml vendored
View File

@ -1,89 +0,0 @@
name: test
on:
push:
branches:
- master
paths-ignore:
- 'docs/**'
pull_request:
paths-ignore:
- 'docs/**'
workflow_dispatch:
concurrency:
group: ${{ github.head_ref || github.run_id }}-test
cancel-in-progress: true
permissions:
contents: read
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Shellcheck and Hadolint
run: make lint
docker-ci:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
docker-env:
- alma
- alpine
#- arch # disable arch testing for now, see #916
- debian-gnupg1 # We need to test legacy version of gnupg
- debian-gnupg2
- fedora
- rocky
- ubuntu
steps:
- uses: actions/checkout@v4
- name: Run checks
run: SECRETS_DOCKER_ENV="${{ matrix.docker-env }}" make docker-ci
osx-ci:
runs-on: macos-latest
strategy:
fail-fast: false
matrix:
test-verbose: [0, 1]
steps:
- uses: actions/checkout@v4
- name: Install deps
run: brew install gawk gnupg
- name: Run checks
run: SECRETS_TEST_VERBOSE=${{ matrix.test-verbose }} make test
freebsd-ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run checks
id: test
uses: vmactions/freebsd-vm@v1
with:
usesh: true
prepare: pkg install -y gnupg bash gmake git gawk
run: |
which -a bash
which -a shell
whoami
env
freebsd-version
gmake test
windows-wsl-ci:
runs-on: windows-latest
steps:
- uses: Vampire/setup-wsl@v3
with:
update: 'true'
additional-packages: gnupg make man git gawk file
- run: git config --global core.autocrlf input
- uses: actions/checkout@v4
- shell: wsl-bash {0}
run: make test

10
.gitignore vendored
View File

@ -29,7 +29,7 @@ $RECYCLE.BIN/
# Linux trash folder which might appear on any partition or disk
.Trash-*
#####=== MacOS ===#####
#####=== OSX ===#####
.DS_Store
.AppleDouble
.LSOverride
@ -126,16 +126,10 @@ _site/
git-secret
# Temporary packages:
vendor/
temp/
# Packaging:
build/
*.deb
*.fpm
# Docs:
docs/man
docs/_posts
docs/_includes/install-*.sh
docs/_includes/version.txt
CHANGELOG-RELEASE.md

77
.travis.yml Normal file
View File

@ -0,0 +1,77 @@
matrix:
fast_finish: true
include:
- os: linux
env: GITSECRET_DIST="make"; DOCKER_DIST="debian"
services: docker
sudo: required
language: ruby
- os: linux
env: GITSECRET_DIST="deb"; DOCKER_DIST="debian";
services: docker
sudo: required
language: ruby
- os: linux
env: GITSECRET_DIST="deb"; DOCKER_DIST="ubuntu"
services: docker
sudo: required
language: ruby
- os: linux
env: GITSECRET_DIST="rpm"; DOCKER_DIST="fedora"
services: docker
sudo: required
language: ruby
- os: linux
env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg"
sudo: required
language: ruby
- os: linux
env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2"
sudo: required
language: ruby
- os: linux
env: GITSECRET_DIST="shellcheck"
sudo: required
language: ruby
addons:
apt:
sources:
- debian-sid
packages:
- shellcheck
- os: osx
env: GITSECRET_DIST="brew"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2"
sudo: false
language: generic
before_script:
- chmod +x ".ci/before_script.sh" && ".ci/before_script.sh"
script:
- chmod +x ".ci/script.sh" && ".ci/script.sh"
before_deploy:
- chmod +x ".ci/before_deploy.sh" && ".ci/before_deploy.sh"
deploy:
- provider: bintray
on:
branch: master
condition: "$GITSECRET_DIST == deb"
file: "build/deb_descriptor.json"
user: "sobolevn"
key: "$BINTRAY_API_KEY"
passphrase: "$BINTRAY_GPG_PASS"
- provider: bintray
on:
branch: master
condition: "$GITSECRET_DIST == rpm"
file: "build/rpm_descriptor.json"
user: "sobolevn"
key: "$BINTRAY_API_KEY"
passphrase: "$BINTRAY_GPG_PASS"
notifications:
email:
on_success: never
on_failure: change

333
CHANGELOG.md
View File

@ -1,351 +1,58 @@
# Changelog
## {{Next Version}}
### Misc
- NOTE: Arch instructions now say to install from source. Arch tests removed temporarily (#916)
- NOTE: there is an issue when repo directory (or a parent dir) contains a space (#135)
- Improve error messaging when we cannot find git repo (#874)
- Temporarily disable apk builds on alpine (#881)
- Have `hide -v` show output from gnupg
- Documentation updates and fixes
## 0.5.0
### Features
- Adds `SECRETS_GPG_ARMOR` env variable to use `gpg --armor`
when encrypting files, so secret files are stored
in text format rather than binary (#631)
- Allow gnupg permission warnings in `tell`, `hide`, `reveal`, and `removeperson` (#811)
- `git secret init` now sets `.gitsecret/keys` permission to 0700 (#811)
- Improve verbose and non-verbose output
### Bugfixes
- Fix adding newlines to `.gitignore` entries (#643)
- Fix `cat` and `reveal` on named files while in repo subdir (#710)
- Fix `clean`, `hide`, `reveal` so they only remove marked secret files (#833)
- Fix for `removeperson` if same email is present multiple times (#638)
- Correct error message about files missing from .gitignore
### Misc
- Rename `killperson` command to `removeperson` (#684)
- Improve error messaging decrypting nonexistent files (#706)
- Improve, expand, correct, and update docs (#699)
- Update docs for use with CI/CD server (#675)
- Upgrade bats-core to v1.6.0 (#755)
- Test, and build RPMS, with Rocky and Alma Linux instead of CentOS (#765)
- Automate testing code on windows using WSL (#846)
- Automate testing code on FreeBSD (#455)
- Improve testing of .gitignore contents (#792)
- Automate running verbose tests with SECRETS_TEST_VERBOSE=1 (#794)
- Improve documentation about installing on Windows (#843)
## 0.4.0
### Bugfixes
- Escape filenames with special characters before adding to `.gitignore`
- Better error handling around telling an email twice (#634)
- Fix for `-P` (#647)
### Misc
- Removed `test-kitchen`
- Moved from `travis` to GitHub Actions
- Changed almost all infrastructure code
- Moved away from Bintray to Artifactory
- Changes how GitHub Pages work
- Add security disclaimer for git-secret-killperson
- Improve documentation about releases
- Man page improvements
## Version 0.3.3
### Bugfixes
- In 'tell', warn about disabled, revoked, expired, or invalid keys (#552, #508, #317, #290, #283, #238)
- Error if 'tell' is used on an email address with multiple keys (#552)
- Don't let 'reveal' clobber secret files (#579)
- Updated test key fixture that had expired (#607)
### Misc
- Improve docs about using gpg with git-secret (#577)
- Text improvements and More about security in git-secret.7 man page (#603)
- Reflect changes in ruby bundler during build process
- Upgrade build process to ansible 2.9
- Use shellcheck 0.7.1 with CI, not 'latest' (#609)
- Improve output of `git-secret add`
## Version 0.3.2
### Bugfixes
- Fix mention of version in git-secret add man page (#544)
### Misc
- Update developer docs, especially regarding mac, docker, and test-kitchen (#195)
- Update man pages to mention version documented (#420)
## Version 0.3.1
### Misc
- Update man pages
## Version 0.3.0
### Features
- Support SECRETS_PINENTRY env var for gnupg --pinentry-mode parameter (#221)
- Show output from gnupg if 'hide' fails (#516, #202, #317)
- Add support for Busybox (#478)
### Bugfixes
- Use OSX's mktemp on OSX, even if there's another version in PATH. (#485)
- Make rsync a build requirement on debian (#500)
- Use gnupg1, not gnupg2, when tests specify gnupg1 (#241)
- Note dependencies gawk, bash, and coreutils in linux packages (#493)
- Handle case of key having no email and a comment (#527)
- Avoid blank lines from output of 'clean -v'
### Misc
- Improve messaging and logic around deleting tmp files.
- Add note about secrets and old keys (#499)
- Transition build process from python 2 to python 3 (#487)
- Upgrade build process from ansible 2.5 to ansible 2.8
- Fix build process when installing gnupg2 source deps on Ubuntu
- Close file descriptor 3 when running gnupg subprocesses (#521)
- Small optimization in 'hide'
- Improve code comments
- Update docs to note that git-secret repos modified by git-secret 0.2.3 and
later are not backward compatible with pre-0.2.3 versions of git-secret. (#536)
## Version 0.2.6
### Features
- git-secret is now available in Fedora, link added to README.md. (#315)
- Support automated testing on windows with Travis CI (#372)
- Support SECRETS_VERBOSE env var to enable verbosity (#323)
- Use gpg without --quiet when decrypting in verbose mode (#394)
- Add -v options to 'tell' and 'reveal', showing gpg output (#320, #395)
- Change 'init' to never ignore .secret files (#362)
- 'add' appends filepaths to .gitignore by default (#225)
- Automate the GitHub release (#411)
### Bugfixes
- Fix 'hide -m' when used as first hide operation (#466)
- Fix code to respect $TMPDIR when generating tmp files (#451)
- Be more careful when deleting test files (#360)
- Use separate directory when testing, instead of using $BATS_TMPDIR directly (#407)
- Fix 'whoknows -l' and related tests on FreeBSD (#454)
- Fix git-secret init when used on busybox (#475)
- Update git-secret.io, fix utils/gh-branch.sh to use 'git all --add' (#344)
- Fix link to homebrew's git-secret in README.md (#310)
- Remove diagnostic output from test results (#324)
- Remove un-needed redirection in 'reveal' (#325)
- Fix link to current contributors in CONTRIBUTING.md (#331)
- Fix tests when running from git hooks (#334)
- Fix typo, remove temp directory in utils/tests.sh (#347)
- Spelling fixes
- Fix re: SECRETS_DIR in 'init' and SECRETS_EXTENSION in test_reveal.bats (#364)
- git-secret will fail if you pass params or filenames that are not understood (#390)
- Use SECRETS_GPG_COMMAND env var in gpg version check (#389)
- Add header to git-secret.7 man page, for debian and doc improvement (#386)
- Respect DESTDIR when installing as per GNU/debian/etc recommendations (#424)
- Use git check-ignore to test for files ignored by git
### Misc
- Improve docs about hide -m option (#467)
- Document SECRETS_VERBOSE and improve env var docs (#396)
- Setting SECRETS_TEST_VERBOSE env var shows debug info during tests (EXPERIMENTAL)
- Add documentation about how to write tests.
- Suppress 'cleaning up temp files' messages unless in a verbose mode.
- Improve git-secret user messaging.
- Update CHANGELOG.md to mention fix for #281 in v0.2.5 (#311)
- Add text explaining git-secret Style Guide and Development Philosophy
- Use Shellcheck on tests/ files, changes for Shellcheck in tests/ (#368)
- Use Shellcheck on MacOS/osx travis tests (#403)
- Show commands run by Makefile as per debian upstream recommendations (#386)
- Upgrade bats-core to v1.1.0, import bats-core into vendor/bats-core (#377)
- Use gawk to parse emails from gpg output
- Optimize code that parses keyrings
- Remove unused code
## Version 0.2.5
### Features
- Add support for FreeBSD (#244)
- Add -l option to whoknows, which shows key expiration dates (#283)
- Add -P option (preserve permissions) to reveal and hide (#172)
- Add -F option (force, changing some errors to warnings) to hide and reveal (#253)
- Allow user to specify name of secret dir at runtime using SECRETS_DIR env var, and test (#247, #250)
### Bugfixes
- Fix issues with spaces in paths and filenames (#226, #135)
- Fix issue when 'hide' used in subdir of repo (#230)
- Fix issues in 'changes' with trailing newlines (#291)
- Fix 'hide' to only count actually hidden files as hidden (#280)
- Fixed bugs and improved error messages (#174)
- Issue error message when unable to hide a secret (#202, #238)
- Accept gpg key with no name, only an email (#227)
- Require keys to be specified by email, as documented (#267)
- Disallow 'git secret tell' or 'killperson' with emails that are not in keyring (also #267)
### Misc
- Added notes about packages and for package maintainers (#281)
- Improve documentation regarding operation with different versions of GPG (#274, #182)
- Documentation improvements, error message and text improvements, and typo fixes (#254)
- git-secret RFC#001 added, documenting a path towards independence from gpg binary formats (#208)
- Add tests for expired gpg keys, and gpg keys with only emails (#276)
## Version 0.2.4
### Features
- Added `git secret cat` feature (#141)
### Bugfixes
- `git secret hide` and `git secret changes` check for files more carefully (#153, #154)
### Misc
- Documentation and error message improvements (#126, #136, #144, #150)
- Build and CI fixes (#152, #179, #186, #188, #189)
- Migrate to `bats-core` bash testing framework
## Version 0.2.3
### Features
- Added `-m` option to `hide` command, files will only be hidden when modifications are detected (#92)
- Changed how path mappings file works: colon delimited FSDB in `.gitsecret/paths/mapping.cfg', so git-secret
can store checksums of hidden files. Note this means git-secret repos modified by git-secret 0.2.3
or later are not backward compatible with pre-0.2.3 versions of git-secret. (#92)
- `git secret init` now adds `random_seed` to `.gitignore` (#93)
### Bugfixes
- Dropped `git check-ignore`, using `git add --dry-run` instead to check for ignored files (#105,#38)
- Fixed `gnupg` >= 2.1 CI tests (#6)
### Misc
- Now users can run local CI tests using test-kitchen (#6)
- Migrated travis ci tests to test-kitchen for Linux platforms.
- Added more `gpg` version to test matrix (#99)
- Added CentOS to test matrix (#38,#91)
- All tested Linux platforms now use latest release of `shellcheck`
- Added Alpine to test matrix, and apk is now built. (#75)
## Version 0.2.2
### Features
- Change how the `usage` command works (#48)
- Now `git-secret` works from any place inside `git-tree` (#56)
- Added `-d` option to the `hide` command: it deletes unencrypted files (#62)
- Added `-d` option to the `hide` coomand: it deletes unencrypted files (#62)
- Added new command `changes` to see the diff between the secret files (#64)
- Fixed bug when `_user_required` was not working after reimporting keys (#74)
- Now it is possible to provide multiple emails to the `killperson` command (#73)
- Now it is possible to provide multiple emails to the `tell` command (#72)
### Bugfixes
- Fixed bug when `_user_required` was not working after re-importing keys (#74)
- Refactored `hide` and `clean` commands to be shorter
### Misc
- Now every doc in this project refer to `git-secret.io` instead of old `gh-pages` website (#71)
- Now installation section is removed from main `man` file (#70)
- Now "See also" sections in the `man` pages are clickable (#69)
- Now "See also" section in the `man`s are clickable (#69)
- Added "Manual" section to the manuals (#61)
- Added `CentOS` container for `ci` testing (#38)
- Tests are refactored. Added `clean` command tests, removed a lot of hard-coded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases (#52)
- Added `centos` container for `ci` testing (#38)
- Tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new check in old tests, and some new test cases (#52)
- Refactored `hide` and `clean` commands to be shorter
- `shellcheck` is now supported with `make lint`
## Version 0.2.1
### Misc
- Now everything is tested inside the `docker`-containers and `OSX` images on `travis`.
- Added autodeploy to `bintray` in `.travis.yml`.
- Added `.ci/` folder for continuous integration, refactored `utils/` folder.
- Added `CONTRIBUTING.md` and `LICENSE.md`.
- New brand logo in the `README.md`.
- Added autodeploy to `bintray` in `.travis.yml`.
- Now everything is tested inside the `docker`-containers and `OSX` (MacOS) images on `travis`.
- Added `.ci/` folder for continuous integration, refactored `utils/` folder.
- Everything is `shellcheck`ed (except `tests/`).
## Version 0.2.0
### Features
- Added `changes` command to see the difference between current version of the hidden files and the committed one
- Added `changes` command to see the difference between current version of the hidden files and the commited one
- Added `-f` option to the `reveal` command to remove prompts
### Bugfixes
- Some bugs are fixed
### Misc
- New installation instructions
- Changed the way files were decrypted, now it is a separate function
- Some bugs are fixed
- New installation instructions
## Version 0.1.2
### Features
- Added `-i` option to the `git-secret-add` command, which auto adds unignored files to the `.gitignore`
### Misc
- `.github` templates added
- Documentation improved with `Configuration` section
- `Makefile` improvements with `.PHONY` and `install` target
- Added extra tests: for custom filenames and new features
- `Makefile` improvements with `.PHONY` and `install` target
- `.github` templates added
## Version 0.1.1
### Features
- Added `--dry-run` option to the `git secret` command, which prevents any actions.
### Misc
- Removed animation from docs, now using `asciinema.org`
- `install_full_fixture()` returns a fingerprint
- `uninstall_full_fixture()` receives two args
- Fixed bug when tests were failing with `gpg2`
- Now `install_full_fixture()` returns a fingerprint
- Now `uninstall_full_fixture()` receives two args
- Fixed bug, when tests were failing with `gpg2`
- New travis strategy: testing both `gpg` and `gpg2`
- Removed animation from docs, now using `asciinema.org`
## Version 0.1.0
### Features
- Implementation of git secret add
- Implementation of git secret clean, with -v option
- Implementation of git secret hide, with -c 'clean' and -v option
- Implementation of git secret init
- Implementation of git secret killperson
- Implementation of git secret list
- Implementation of git secret remove, with -c option
- Implementation of git secret reveal, with -d homedir and -p passphrase options
- Implementation of git secret tell, with -m email and -d homedir options
- Implementation of git secret usage
- Initial release

218
CONTRIBUTING.md
View File

@ -2,216 +2,92 @@
Your contributions are always welcome!
## Getting started
1. Create your own or pick an opened issue from the [tracker](https://github.com/sobolevn/git-secret/issues). Take a look at the [`help-wanted` tag](https://github.com/sobolevn/git-secret/labels/help%20wanted)
2. Fork the git-secret repo and then clone the repository using a command like `git clone https://github.com/${YOUR_NAME}/git-secret.git`
3. Make sure that everything works on the current platform by running `make test`.
You can also try the experimental `SECRETS_TEST_VERBOSE=1 make test`, which will
show you a lot of debug output while the tests are running.
Note that 'experimental' features may change or be removed in a future version of `git-secret`.
4. If you want to test on multiple operating systems just push your PR, GitHub Actions will cover everything else
Basically, our `make` file is the only thing you will need to work with this repo.
## Process
### Environment
For development of `git-secret` you should have these tools locally:
Before starting make sure you have:
- git
- bash
- gawk
- gnupg (or gnupg2), see below if not packaged by your distribution/OS (i.e. MacOS)
- sha256sum (on freebsd and MacOS `shasum` is used instead)
- make
- gnupg (or gnupg2)
- [shellcheck](https://github.com/koalaman/shellcheck)
To test `git-secret` you will need:
Only required if dealing with manuals, `gh-pages` or releases:
- [docker](https://www.docker.com/)
- ruby, ruby-dev
### Code style
### Getting started
New features and changes should aim to be as clear, concise, simple, and consistent
1. clear: make it as obvious as possible what the code is doing
2. concise: your PR should be as few characters (not just lines) of changes as _reasonable_.
However, generally choose clarity over being concise.
Clarity and conciseness can be in conflict with each other. But
it's more important for the code to be understandable than for it to be small.
Therefore favor writing clear code over making shorter diffs in your PRs.
3. simple: this dovetails with the previous two items.
git-secret is a security product, so it's best to have the code be easy to understand.
This also aids future development and helps minimize bugs.
4. consistent: Write code that is consistent with the surrounding code and the rest of the git-secret code base.
Every code base has its own conventions and style that develop and accrete over time.
Consistency also means that the inputs and outputs of git-secret should be as consistent as reasonable
with related Unix and git tools, and follow the 'rule of least surprise',
also known as the 'principle of least astonishment': <https://en.wikipedia.org/wiki/Principle_of_least_astonishment>
We wrote this to clarify our thinking about how git-secret should be written. Of course, these are philosophical goals,
not necessities for releasing code, so balancing these four ideals _perfectly_ is both unwarranted and impossible.
### Writing PRs
If you're planning a large change to `git-secret` (for example, a lot of lines/characters of diffs, affecting multiple commands,
changing/adding a lot of behavior, or adding multiple command-line options), it's best to discuss the changes in an Issue first.
Also it's often best to implement larger or complex changes as a series of planned-out, smaller PRs,
each making a small set of specific changes. This facilitates discussions of implementation, which often come to light
only after seeing the actual code used to perform a task.
As mentioned above, we seek to be consistent with surrounding git and Unix tools, so when writing changes to git-secret,
think about the input, output, and command-line options that similar Unix commands use.
Our favor toward traditional Unix and git command-style inputs and outputs can also mean it's appropriate to
lean heavily on git and widely-used Unix command features instead of re-implementing them in code.
1. Create your own or pick an opened issue from the [tracker][tracker]. Take a look at the [`help-wanted` tag][help-wanted]
2. Fork and clone your repository: `git clone https://github.com/${YOUR_NAME}/git-secret.git`
3. Make sure that everything works fine by running `make test`
### Development Process
1. Make changes to the git secret files that need to be changed
2. When making changes to any files inside `src/`, for changes to take effect you will need to rebuild the `git-secret` script with `make clean && make build`
3. Run `shellcheck` against all your changes with `make lint`.
You should also check your changes for spelling errors using 'aspell -c filename'.
4. Add an entry to CHANGELOG.md, referring to the related issue # if appropriate
5. Change the `man` source file(s) (we write them in markdown) in `man/man1` and `man/man7` to document your changes if appropriate
6. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`.
Write a good commit message which explains your work
7. When running `git commit` the tests will run automatically, your commit will be canceled if they fail.
You can run the tests manually with `make clean build test`.
8. Push to your repository, and make a pull-request against `master` branch. It's ideal to have one commit per pull-request,
but don't worry, it's easy to `squash` PRs into a small number of commits when they're merged.
1. Firstly, you will need to setup development hooks with `make install-hooks`
2. Make changes to the files that need to be changed
3. When making changes to any files inside `src/` you will need to rebuild the binary `git-secret` with `make clean && make build` command
4. Run [`shellcheck`][shellcheck] against all your changes with `make lint`
5. Now, add all your files to the commit with `git add --all` and commit changes with `git commit`, make sure you write a good message, which will explain your work
6. When running `git commit` the tests will run automatically, your commit will be canceled if they fail
7. Push to your repository, make a pull-request against `develop` branch. Please, make sure you have **one** commit per pull-request, it will be merge into one anyways
### Branches
We have two long-live branches: `master` for the git-secret code and man pages, and `gh-pages` for the static web site.
The `gh-pages` branch tracks the `master` branch's `docs` folder, and is kept up-to-date using a GitHub Action.
We have three long-live branches: `master`, `staging` and `develop` (and `gh-pages` for static site).
Development looks like this:
It basically looks like that:
> `your-branch` -> `master`
> `your-branch` -> `develop` -> `staging` -> `master`
- `master` branch is protected, so only fully tested code goes there. It is also used to create a new `git` tag and a `github` release
- `master` branch is protected, since `antigen` and tools like it install the app from the main branch directly. So only fully tested code goes there
- `staging` - this branch is used to create a new `git` tag and a `github` release, then it gets merged into `master`
- `develop` is where the development is done and the branch you should send your pull-requests to
By convention, you can name your branches like `issue-###-short-description`, but that's not required.
The `gh-pages` branch is used for the pages at `git-secret.io`. See 'Release Process' below.
### Continuous integration
### Writing tests
CI is done with the help of `travis`. `travis` handles multiple environments:
`git-secret` uses [bats-core](https://github.com/bats-core/bats-core) for testing.
See the files in tests/ and the `bats-core` documentation for details.
Because the output of many commands can be affected by the SECRETS_VERBOSE environment
variable (which enables verbosity), it's best not to expect a particular number of lines of
output from commands.
- `Docker`-based jobs or so-called 'integration tests', these tests create a local release, install it with the package manager and then run unit-tests and system checks
- `OSX` jobs, which handle basic unit-tests on `OSX`
- Native `travis` jobs, which handle basic unit-tests and stylechecks
### Release process
To create a new release, (you'll first need permission to commit to the repo, of course):
The release process is defined in the `git`-hooks and `.travis.yml`.
Update the content of `CHANGELOG.md` for the release (this should be a matter of changing headers),
and update the version string in `src/version.sh`.
When creating a commit inside the `staging` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`) it will trigger two main events.
When creating a commit inside the `master` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`).
Firstly, new manuals will be created and added to the current commit with `make build-man` on `pre-commit` hook.
Then, push your code to GitHub. It will start the CI.
After all the checks have executed, GitHub Actions will test and build releases for specific platforms.
While CI is doing it's building and testing, finish the release on github by pushing the new tag with:
Secondly, after the commit is successfully created it will also trigger `make build-gh-pages` target on `post-commit` hook, which will push new manuals to the [git-secret site][git-secret-site]. And the new `git` tag will be automatically created if the version is changed:
```bash
git push --tags
if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then
git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION"
fi
```
and then go to https://github.com/sobolevn/git-secret/releases to see that the new release is created. It might take some time.
Then it will be merged inside `master` when ready.
#### GitHub automated releases
#### Travis releases
We use GitHub actions to run the release process.
We use `artifactory` as an environment for the release.
You would need to get a review before release would be possible.
When creating a commit inside `master` branch, `travis` on successful build will publish new `deb` and `rpm` packages to [`bintray`][bintray].
It can be reproduced locally with `make release`, but you will need `SECRETS_ARTIFACTORY_CREDENTIALS`.
After packages are released to https://gitsecret.jfrog.io we trigger `release-ci` workflow to test that installation works correctly.
If you wish to override a previous release (*be careful*) you will need to add `"override": 1` into `matrixParams`, see `deb-deploy.sh` and `rpm-deploy.sh`
#### Manual releases
Releases to `brew` are made manually, and involve opening a PR on the [Homebrew Core](https://github.com/Homebrew/homebrew-core) repo .
To get started, see the
[Homebrew docs about Formulae-related PRs](https://docs.brew.sh/How-To-Open-a-Homebrew-Pull-Request#formulae-related-pull-request)
and `brew bump-formula-pr --help`
Releases to `brew` are made manually.
### Downstream Packages
#### Dockerhub releases
There are several distributions and packaging systems that may already have git-secret packaged for your distribution (although sometimes their versions are not the most current, and we recommend all users upgrade to 0.2.5 or above).
[`Dockerhub`][Dockerhub] contains `Docker` images with different OS'es used for testing. It is updated via a `github` webhook on commit into `master`.
### Notes to Downstream Packagers (Those who make packages for specific OSes/distributions)
First of all, thank you for packaging git-secret for your platform! We appreciate it.
We also would like to welcome you to collaborate or discuss any issues, ideas or thoughts you have about
git-secret by submitting [issue report](https://github.com/sobolevn/git-secret/issues)
(which can also be feature requests) or
[pull requests](https://help.github.com/en/articles/creating-a-pull-request)
via the git repo at
[git-secret on github](https://github.com/sobolevn/git-secret)
Please let us know if there are any changes you'd like to see to the source,
packaging, testing, documentation, or other aspect of git-secret.
We look forward to hearing from you.
## About GnuPG
Here are some links to gnupg documentation that might be useful for those working with git-secret:
- [GnuPG PDF Documentation](https://www.gnupg.org/documentation/manuals/gnupg.pdf)
- [GnuPG doc/DETAILS File](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS)
## Financial contributions
We also welcome financial contributions in full transparency on our [open collective](https://opencollective.com/git-secret).
Anyone can file an expense. If the expense makes sense for the development of the community, it will be "merged" in the ledger of our open collective by the core contributors and the person who filed the expense will be reimbursed.
## Credits
### Contributors
Thank you to all the people who have already contributed
to `git-secret` via commits to our git repository!
[![List of contributors](https://opencollective.com/git-secret/contributors.svg?width=890&button=0)](https://github.com/sobolevn/git-secret/contributors)
### Backers
Thank you to all our backers! [[Become a backer](https://opencollective.com/git-secret#backer)]
<object type="image/svg+xml" data="https://opencollective.com/git-secret/tiers/backer.svg?avatarHeight=36&width=600" style="max-width: 100%;"></object>
### Sponsors
Thank you to all our sponsors! (please ask your company to also support this open source project by [becoming a sponsor](https://opencollective.com/git-secret#sponsor))
<object type="image/svg+xml" data="https://opencollective.com/git-secret/tiers/sponsor.svg?avatarHeight=36&width=600" style="max-width: 100%;"></object>
[tracker]: https://github.com/sobolevn/git-secret/issues
[help-wanted]: https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22
[shellcheck]: https://github.com/koalaman/shellcheck
[git-secret-site]: http://git-secret.io
[bintray]: https://bintray.com/sobolevn
[Dockerhub]: https://hub.docker.com/r/sobolevn/git-secret/

237
Makefile
View File

@ -1,11 +1,14 @@
SHELL:=bash
SHELL:=/usr/bin/env bash
PREFIX?="/usr"
DESTDIR?=
#
# Building:
#
git-secret: src/version.sh src/_utils/* src/commands/* src/main.sh
@cat $^ > "$@"; \
chmod +x git-secret; sync
.PHONY: all
all: build
@ -14,164 +17,130 @@ clean:
@rm -f git-secret
.PHONY: build
build:
@cat src/version.sh > git-secret
@cat src/_utils/*.sh src/commands/*.sh >> git-secret
@cat src/main.sh >> git-secret
@chmod +x git-secret; sync
build: git-secret
.PHONY: install
install:
"${SHELL}" ./utils/install.sh "${DESTDIR}${PREFIX}"
@chmod +x "./utils/install.sh"; sync; \
"./utils/install.sh" "${PREFIX}"
.PHONY: uninstall
uninstall:
"${SHELL}" ./utils/uninstall.sh "${DESTDIR}${PREFIX}"
@chmod +x "./utils/uninstall.sh"; sync; \
"./utils/uninstall.sh" "${PREFIX}"
#
# Testing and linting:
# Testing:
#
# The $(shell echo $${PWD}) construct is to access *nix paths under windows
# Under git for windows '$PATH' is set to windows paths, e.g. C:\Something
# Using a sub-shell we get the raw *nix paths, e.g. /c/Something
.PHONY: install-test
install-test:
@if [ ! -d "vendor/bats" ]; then \
git clone https://github.com/sstephenson/bats.git vendor/bats; fi
.PHONY: test
test: clean build
export SECRETS_PROJECT_ROOT="$(shell echo $${PWD})"; \
export PATH="$(shell echo $${PWD})/vendor/bats-core/bin:$(shell echo $${PWD}):$(shell echo $${PATH})"; \
"${SHELL}" ./utils/tests.sh
# We use this script in CI and you can do this too!
# What happens here?
# 1. We pass `SECRETS_DOCKER_ENV` variable into this job
# 2. Based on it, we select a proper `docker` image to run test on
# 3. We execute `make test` inside the `docker` container
.PHONY: docker-ci
docker-ci: clean
@[ -z "${SECRETS_DOCKER_ENV}" ] \
&& echo 'SECRETS_DOCKER_ENV is unset' && exit 1 || true
docker build \
-f ".ci/docker-ci/$${SECRETS_DOCKER_ENV}/Dockerfile" \
-t "gitsecret-$${SECRETS_DOCKER_ENV}:latest" .
docker run --rm \
--volume="$${PWD}:/code" \
-w /code \
"gitsecret-$${SECRETS_DOCKER_ENV}" \
make test
.PHONY: lint-shell
lint-shell:
docker pull koalaman/shellcheck:latest
docker run \
--volume="$${PWD}:/code" \
-w /code \
-e SHELLCHECK_OPTS='-s bash -S style -a' \
--rm koalaman/shellcheck \
$$(find src .ci utils tests docs -type f \
-name '*.sh' -o -name '*.bash' -o -name '*.bats')
.PHONY: lint-docker
lint-docker:
docker pull hadolint/hadolint:latest-alpine
docker run \
--volume="$${PWD}:/code" \
-w /code \
--rm hadolint/hadolint \
hadolint \
--ignore=DL3008 --ignore=DL3018 --ignore=DL3041 --ignore=DL3028 \
.ci/*/**/Dockerfile
.PHONY: lint
lint: lint-shell lint-docker
test: install-test clean build
@chmod +x "./utils/tests.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
export PATH="${PWD}/vendor/bats/bin:${PWD}:${PATH}"; \
"./utils/tests.sh"
#
# Manuals and docs:
# Manuals:
#
.PHONY: install-ronn
install-ronn:
@if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi
.PHONY: clean-man
clean-man:
@find "man/" -type f ! -name "*.md" -delete
@find "man/" -type f ! -name "*.ronn" -delete
.PHONY: build-man
build-man: build
docker pull msoap/ruby-ronn
export GITSECRET_VERSION="$$(./git-secret --version)" && docker run \
--volume="$${PWD}:/code" \
-w /code \
--rm msoap/ruby-ronn \
ronn --roff \
--organization=sobolevn \
--manual="git-secret $${GITSECRET_VERSION}" \
man/*/*.md
build-man: install-ronn clean-man
@ronn --roff --organization="sobolevn" --manual="git-secret" man/*/*.ronn
.PHONY: build-docs
build-docs: build-man
"${SHELL}" docs/build.sh
.PHONY: build-gh-pages
build-gh-pages:
@chmod +x "./utils/gh-branch.sh"; sync; \
"./utils/gh-branch.sh"
.PHONY: docs
docs: build-docs
docker pull jekyll/jekyll
docker run \
--volume="$${PWD}/docs:/code" \
-w /code \
-p 4000:4000 \
--rm jekyll/jekyll \
jekyll serve --safe --strict_front_matter
#
# Development:
#
.PHONY: changelog
changelog:
@[ -z "${GITHUB_REPOSITORY}" ] \
&& echo 'GITHUB_REPOSITORY is unset' && exit 1 || true
@[ -z "${GITHUB_TOKEN}" ] \
&& echo 'GITHUB_TOKEN is unset' && exit 1 || true
docker pull githubchangeloggenerator/github-changelog-generator
docker run \
--volume="$${PWD}:/code" \
-w /code \
--entrypoint='' \
-e GITHUB_REPOSITORY \
-e GITHUB_TOKEN \
--rm githubchangeloggenerator/github-changelog-generator \
sh ".ci/github_release_script.sh"
.PHONY: install-hooks
install-hooks:
@ln -fs "${PWD}/utils/hooks/pre-commit.sh" "${PWD}/.git/hooks/pre-commit"; \
chmod +x "${PWD}/.git/hooks/pre-commit"; sync; \
ln -fs "${PWD}/utils/hooks/post-commit.sh" "${PWD}/.git/hooks/post-commit"; \
chmod +x "${PWD}/.git/hooks/post-commit"; sync
.PHONY: develop
develop: clean build install-hooks
.PHONY: lint
lint:
@find src utils -type f -name '*.sh' -print0 | xargs -0 -I {} shellcheck {}
#
# Packaging:
#
.PHONY: build-release
build-release: clean build-man
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
docker build \
-f ".ci/releaser/alpine/Dockerfile" \
-t "gitsecret-releaser:latest" .
docker run \
--volume="$${PWD}:/code" \
--rm gitsecret-releaser \
bash "./utils/$${SECRETS_RELEASE_TYPE}/build.sh"
.PHONY: install-fpm
install-fpm:
@if [ ! `gem list fpm -i` == "true" ]; then gem install fpm; fi
.PHONY: release
release: build-release
@[ -z "${SECRETS_ARTIFACTORY_CREDENTIALS}" ] \
&& echo 'SECRETS_ARTIFACTORY_CREDENTIALS is unset' && exit 1 || true
docker run \
--volume="$${PWD}:/code" \
-e SECRETS_ARTIFACTORY_CREDENTIALS \
-e SECRETS_DEPLOY_DRY_RUN \
--rm gitsecret-releaser \
bash "./utils/$${SECRETS_RELEASE_TYPE}/deploy.sh"
# .deb:
.PHONY: release-ci
release-ci:
@[ -z "${SECRETS_RELEASE_ENV}" ] \
&& echo 'SECRETS_RELEASE_ENV is unset' && exit 1 || true
@[ -z "${SECRETS_RELEASE_TYPE}" ] \
&& echo 'SECRETS_RELEASE_TYPE is unset' && exit 1 || true
docker build \
-f ".ci/release-ci/$${SECRETS_RELEASE_ENV}/Dockerfile" \
-t "gitsecret-release-$${SECRETS_RELEASE_ENV}:latest" .
docker run --rm \
--volume="$${PWD}:/code" \
-w /code \
"gitsecret-release-$${SECRETS_RELEASE_ENV}" \
bash -c "set -e; bash "./utils/$${SECRETS_RELEASE_TYPE}/install.sh""
.PHONY: build-deb
build-deb: clean build install-fpm
@chmod +x "./utils/build-utils.sh"; sync; \
chmod +x "./utils/deb/deb-build.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
"./utils/deb/deb-build.sh"
.PHONY: test-deb-ci
test-deb-ci: install-test build-deb
@chmod +x "./utils/deb/deb-ci.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
export PATH="${PWD}/vendor/bats/bin:${PATH}"; \
"./utils/deb/deb-ci.sh"
.PHONY: deploy-deb
deploy-deb: build-deb
@chmod +x "./utils/deb/deb-deploy.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
"./utils/deb/deb-deploy.sh"
# .rpm:
.PHONY: build-rpm
build-rpm: clean build install-fpm
@chmod +x "./utils/build-utils.sh"; sync; \
chmod +x "./utils/rpm/rpm-build.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
"./utils/rpm/rpm-build.sh"
.PHONY: test-rpm-ci
test-rpm-ci: install-test build-rpm
@chmod +x "./utils/rpm/rpm-ci.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
export PATH="${PWD}/vendor/bats/bin:${PATH}"; \
"./utils/rpm/rpm-ci.sh"
.PHONY: deploy-rpm
deploy-rpm: build-rpm
@chmod +x "./utils/rpm/rpm-deploy.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
"./utils/rpm/rpm-deploy.sh"
# make:
.PHONY: test-make-ci
test-make-ci: clean install-test
@chmod +x "./utils/make/make-ci.sh"; sync; \
export SECRET_PROJECT_ROOT="${PWD}"; \
export PATH="${PWD}/vendor/bats/bin:${PATH}"; \
"./utils/make/make-ci.sh"

106
README.md
View File

@ -1,123 +1,37 @@
# git-secret
[![Build Status](https://img.shields.io/travis/sobolevn/git-secret/master.svg)](https://travis-ci.org/sobolevn/git-secret) [![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](http://braumeister.org/formula/git-secret) [![Bintray deb](https://img.shields.io/bintray/v/sobolevn/deb/git-secret.svg)](https://bintray.com/sobolevn/deb/git-secret/view) [![Dockerhub](https://img.shields.io/docker/pulls/sobolevn/git-secret.svg)](https://hub.docker.com/r/sobolevn/git-secret/)
[![test](https://github.com/sobolevn/git-secret/actions/workflows/test.yml/badge.svg?branch=master&event=push)](https://github.com/sobolevn/git-secret/actions/workflows/test.yml)
[![release-ci](https://github.com/sobolevn/git-secret/actions/workflows/release-ci.yml/badge.svg)](https://github.com/sobolevn/git-secret/actions/workflows/release-ci.yml)
[![Homebrew](https://img.shields.io/homebrew/v/git-secret.svg)](https://formulae.brew.sh/formula/git-secret)
[![Supporters](https://img.shields.io/opencollective/all/git-secret.svg?color=gold&label=supporters)](https://opencollective.com/git-secret)
[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](https://git-secret.io/)
[![git-secret](https://raw.githubusercontent.com/sobolevn/git-secret/gh-pages/images/git-secret-big.png)](http://git-secret.io/)
## What is `git-secret`?
`git-secret` is a bash tool which stores private data inside a git repo.
`git-secret` encrypts files with permitted users' public keys,
allowing users you trust to access encrypted data using pgp and their secret keys.
With `git-secret`, changes to access rights are simplified, and private-public key issues are handled for you.
When someone's permission is revoked, secrets do not need to be changed with `git-secret` -
just remove their key from the repo's keyring using `git secret removeperson their@email.com`,
re-encrypt the files, and they won't be able to decrypt secrets anymore.
If you think the user might have copied the secrets or keys when they had access, then
you should also change the secrets.
`git-secret` is a bash tool to store your private data inside a git repo. Hows that? Basically, it just encrypts, using `gpg`, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they wont be able to decrypt secrets anymore.
## Preview
[![git-secret terminal preview](git-secret.gif)](https://asciinema.org/a/41811?autoplay=1)
[![git-secret terminal preview](https://asciinema.org/a/41811.png)](https://asciinema.org/a/41811?autoplay=1)
## Usage
See the [git-secret site](http://git-secret.io/).
## Installation
`git-secret` [supports `brew`](https://formulae.brew.sh/formula/git-secret), just type: `brew install git-secret`
It also supports `apt` and `yum`. You can also use `make` if you want to.
See the [installation section](https://sobolevn.me/git-secret/installation) for the details.
### Requirements
`git-secret` relies on several external packages:
- `bash` since `3.2.57` (it is hard to tell the correct `patch` release)
- `gawk` since `4.0.2`
- `git` since `1.8.3.1`
- `gpg` since `gnupg 1.4` to `gnupg 2.X`
- `sha256sum` since `8.21` (on freebsd and MacOS `shasum` is used instead)
See the [installation section](http://git-secret.io/#installation).
## Contributing
Do you want to help the project? Find an [issue](https://github.com/sobolevn/git-secret/issues)
and send a PR. It is more than welcomed! See [CONTRIBUTING.md](CONTRIBUTING.md) on how to do that.
### Security
In order to encrypt (git-secret hide -m) files only when modified, the path
mappings file tracks sha256sum checksums of the files added (git-secret add) to
git-secret's path mappings filesystem database. Although, the chances of
encountering a sha collision are low, it is recommend that you pad files with
random data for greater security. Or avoid using the `-m` option altogether.
If your secret file holds more data than just a single password these
precautions should not be necessary, but could be followed for greater
security.
If you found any security related issues, please do not disclose it in public. Send an email to `mail@sobolevn.me`
See [CONTRIBUTING.md](CONTRIBUTING.md).
## Changelog
`git-secret` uses [semver](https://semver.org/). See [CHANGELOG.md](CHANGELOG.md).
## Packagers
Thanks to all the people and groups who package `git-secret` for easier install on particular OSes and distributions!
[![Packaging status](https://repology.org/badge/vertical-allrepos/git-secret.svg)](https://repology.org/project/git-secret/versions)
Here are some packagings of `git-secret` that we're aware of:
- https://formulae.brew.sh/formula/git-secret
- https://packages.ubuntu.com/bionic/git-secret
- https://src.fedoraproject.org/rpms/git-secret
- https://aur.archlinux.org/packages/git-secret/
- https://pkgs.alpinelinux.org/package/edge/testing/x86/git-secret
- https://packages.debian.org/sid/git-secret
- https://github.com/void-linux/void-packages/blob/master/srcpkgs/git-secret/template
Such packages are considered 'downstream' because the git-secret code 'flows' from the `git-secret` [repository](https://git-secret.io/installation)
to the various rpm/deb/dpkg/etc packages that are created for specific OSes and distributions.
We have also added notes specifically for packagers in [CONTRIBUTING.md](CONTRIBUTING.md).
## Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/git-secret#sponsor)]
[![Sponsors](https://opencollective.com/git-secret/tiers/sponsor.svg?width=890)](https://opencollective.com/git-secret)
## Backers
Thanks to all our backers!
[![Backers](https://opencollective.com/git-secret/tiers/backer.svg?width=890&avatarHeight=36)](https://opencollective.com/git-secret)
## Contributors
This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
<a href="https://github.com/sobolevn/git-secret/graphs/contributors"><img src="https://opencollective.com/git-secret/contributors.svg?width=890" /></a>
See [CHANGELOG.md](CHANGELOG.md).
## License
MIT. See [LICENSE.md](LICENSE.md) for details.
## Thanks
Special thanks to [Elio Qoshi](https://elioqoshi.me/sq/) from [ura](http://ura.design/) for the awesome logo.

142
RFC/RFC001.md
View File

@ -1,142 +0,0 @@
# RFC 0001 - A stable and forwards compatible public key storage format
**Feature Name:** Stable public key storage
**Status:** Final
**Type:** Enhancement
**Related components:** Core
**Start Date:** 2018-06-14
**Author:** Simon Massey
**GitHub issues:**
* #136 GnuPG2 2.2 vs 2.1 conflicts in keybox format
## Summary
A new internal public key storage format that avoids forwards compatibility issues between GPG releases. This proposal will keep forwards compatibility with older versions of git-secret.
## Motivation
GPG maintains backwards compatibility but not forwards compatibility. Running a new GPG version can and will upgrade the keyring storage files in a way that is not recognized by older versions of GPG. This is not normally a problem for typical GPG usage. Users will upgrade and rarely downgrade. It is a problem for git-secret as the keyring storage is committed to git and shared between users. Someone using an older version of GPG can no longer open the upgraded keyring file.
## Approach
git-secret will move away from using the keyring format as shared storage of public keys. Instead, it will store public keys as exported keys in ASCII armor format. The public key export format is stable and forwards compatible. GPG users will typically be running different GPG or PGP versions and are able to exchange keys successfully. Bugs that affect git-secret's ability to use exported public keys will likely affect typical GPG key exchange usage. Such bugs are likely to be caught and fixed by the wider open source community.
git-secret may need to store and process meta-data about keys to make it efficient to work with keys that are stored within individual files. It will use the machine-readable ["colon listings format"](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS) for this purpose.
It is anticipated that `bash` and `gawk` will be sufficient to work efficiently with the new file formats.
## Design
The new storage format will be implemented as follows:
1. Keys will be stored in `~/.gitsecret/keys` in `gpg --armor --export` format. The use of ASCII armor rather than binary format is to make debugging of key related issues easier. The filename of the key will be `<keyid>.pub.gpg` (using Field 5 the "64-bit keyid" of the colon listings format)
1. Key meta data will be stored alongside the key file in the `gpg --keyid-format long --with-colons` format. The file name will be `<keyid>.pub.cln`
1. A folder `~/.gitsecret/cache` will be added to `.gitignore`. At this location, a public keyring will be maintained on a per user bases and won't be shared between users. This is simply a "keyring cache" of the keys used to encrypt files.
git-secret-tell will:
1. Scan the set of `*.pub.cln` files to find all currently told identities. If the given identity is in the list do nothing.
1. If the given identity isn't listed run `gpg --armor --export` against the users `$HOME` keyring to create the `<key-id>.pub.gpg`.
1. Run `--keyid-format long --with-colons` of the exported key to create the `<key-id>.pub.cln`.
Note that the additional steps to ensure that older versions of git-secret know about the newly told identity will be outlined below.
git-secret-hide will:
1. Extract the list of "64-bit keyid"s who are told from the `*.pub.cln` files. Note that multiple identities can be listed against each key.
1. Checked this against the list of "64-bit keyid"s in the "keyring cache" at `~/.gitsecret/cache`.
1. Import any missing keys into the "keyring cache". It is anticipated that `gawk` will be sufficient to perform this calculation.
1. Run the current logic using the "keyring cache".
Note that the additional steps to ensure that older versions of git-secret know about the newly told user will be outlined below.
git-secret-whoknows will:
1. The list of identities will be loaded by parsing the `.pub.cln` files. Note that multiple identities can be listed against each key.
git-secret-usage will:
1. Document the git-secret-migrate command discussed in the next section.
git-secret-reveal will:
* Be unchanged.
git-secret-remove will:
* Be unchanged.
git-secret-list will:
* Be unchanged.
git-secret-killperson will:
1. Remove the key from the keyring cache.
1. Delete both `<key-id>.pub.gpg` and `<key-id>.pub.cln` files.
git-secret-init will:
1. Add `~/.gitsecret/cache` into `.gitignore`.
1. Run any current logic using the ignored "keyring cache".
git-secret-clean will:
* Be unchanged.
git-secret-changes will:
1. Show differences the `<key-id>.pub.gpg` and `<key-id>.pub.cln` files in `~/.gitsecret/keys`.
git-secret-add will:
* Be unchanged.
A new command git-secret-migrate will:
1. Create the folder `~/.gitsecret/cache` and add it to the `.gitignore` file.
1. Extract all keys from the old keyring generating `<key-id>.pub.gpg` and `<key-id>.pub.cln` files in `~/.gitsecret/keys`
## Version Compatibility
Backwards compatibility will the old keyring storage approach will be maintained as follows:
1. For each changed command a guard will be added that checks for the existence of `.gitsecret/cache`.
1. If the folder exists it proceeds as normal.
1. If it does not exist it will report that the repo was initialized by an older version of git-secret and tell the user to run git-secret-migrate
Forwards compatibility with older versions of git-secret will be maintained as follows.
git-secret-hide will:
1. Have a guard that will check for the existence of the old keyring. If it exists it will check it for any new public keys and extract them into the new format prior to running.
git-secret-tell will:
1. Will check for the existence of the old keyring. If it exists it will load the new public key into it.
git-secret-killperson
1. Will check for the existence of the old keyring. If it exists it will delete the user from it.
## Drawbacks
To maintain forward compatibility the approach requires the existing logic to kept working for a period of time. We can give a deprecated warning if the forwards compatibility logic is running. The warning can be suppressed using a command-line flag.
## Alternatives
What other designs have been considered? Unknown.
What is the impact of not doing this? Team members are locked out of secrets when only one other team member upgrades GPG. This can go undetected until the victims needs the secrets in a hurry for production support. Bad things then happen.
## Unresolved questions
What parts of the design are still to be done? None.

6
docs/Gemfile
View File

@ -1,6 +0,0 @@
source "https://rubygems.org"
group :jekyll_plugins do
gem "jekyll", ">= 3.6.3"
gem "jekyll-seo-tag", "~> 2.8.0"
end

81
docs/Gemfile.lock
View File

@ -1,81 +0,0 @@
GEM
remote: https://rubygems.org/
specs:
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
bigdecimal (3.1.8)
colorator (1.1.0)
concurrent-ruby (1.3.4)
em-websocket (0.5.3)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0)
eventmachine (1.2.7)
ffi (1.17.0-x86_64-linux-gnu)
ffi (1.17.0-x86_64-linux-musl)
forwardable-extended (2.6.0)
google-protobuf (4.28.1-x86_64-linux)
bigdecimal
rake (>= 13)
http_parser.rb (0.8.0)
i18n (1.14.6)
concurrent-ruby (~> 1.0)
jekyll (4.3.4)
addressable (~> 2.4)
colorator (~> 1.0)
em-websocket (~> 0.5)
i18n (~> 1.0)
jekyll-sass-converter (>= 2.0, < 4.0)
jekyll-watch (~> 2.0)
kramdown (~> 2.3, >= 2.3.1)
kramdown-parser-gfm (~> 1.0)
liquid (~> 4.0)
mercenary (>= 0.3.6, < 0.5)
pathutil (~> 0.9)
rouge (>= 3.0, < 5.0)
safe_yaml (~> 1.0)
terminal-table (>= 1.8, < 4.0)
webrick (~> 1.7)
jekyll-sass-converter (3.0.0)
sass-embedded (~> 1.54)
jekyll-seo-tag (2.8.0)
jekyll (>= 3.8, < 5.0)
jekyll-watch (2.2.1)
listen (~> 3.0)
kramdown (2.4.0)
rexml
kramdown-parser-gfm (1.1.0)
kramdown (~> 2.0)
liquid (4.0.4)
listen (3.9.0)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
mercenary (0.4.0)
pathutil (0.16.2)
forwardable-extended (~> 2.6)
public_suffix (6.0.1)
rake (13.2.1)
rb-fsevent (0.11.2)
rb-inotify (0.11.1)
ffi (~> 1.0)
rexml (3.3.7)
rouge (4.4.0)
safe_yaml (1.0.5)
sass-embedded (1.78.0-x86_64-linux-gnu)
google-protobuf (~> 4.27)
sass-embedded (1.78.0-x86_64-linux-musl)
google-protobuf (~> 4.27)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
unicode-display_width (2.6.0)
webrick (1.8.1)
PLATFORMS
x86_64-linux
x86_64-linux-musl
DEPENDENCIES
jekyll (>= 3.6.3)
jekyll-seo-tag (~> 2.8.0)
BUNDLED WITH
2.2.2

17
docs/_config.yml
View File

@ -1,17 +0,0 @@
# Site settings
title: git-secret
email: mail@sobolevn.me
description: Shell scripts to encrypt your private data inside a git repository.
baseurl: "/git-secret" # the subpath of your site, e.g. /blog
url: "https://sobolevn.me" # the base hostname & protocol for your site
# GitHub links:
github_username: sobolevn
github_changelog: "https://github.com/sobolevn/git-secret/blob/master/CHANGELOG.md"
# Seo settings:
plugins:
- jekyll-seo-tag
# Build settings
markdown: kramdown

33
docs/_includes/favicons.html
View File

@ -1,33 +0,0 @@
<link rel="apple-touch-icon" sizes="57x57"
href="/images/favicons/apple-icon-57x57.png">
<link rel="apple-touch-icon" sizes="60x60"
href="/images/favicons/apple-icon-60x60.png">
<link rel="apple-touch-icon" sizes="72x72"
href="/images/favicons/apple-icon-72x72.png">
<link rel="apple-touch-icon" sizes="76x76"
href="/images/favicons/apple-icon-76x76.png">
<link rel="apple-touch-icon" sizes="114x114"
href="/images/favicons/apple-icon-114x114.png">
<link rel="apple-touch-icon" sizes="120x120"
href="/images/favicons/apple-icon-120x120.png">
<link rel="apple-touch-icon" sizes="144x144"
href="/images/favicons/apple-icon-144x144.png">
<link rel="apple-touch-icon" sizes="152x152"
href="/images/favicons/apple-icon-152x152.png">
<link rel="apple-touch-icon" sizes="180x180"
href="/images/favicons/apple-icon-180x180.png">
<link rel="icon" type="image/png" sizes="192x192"
href="/images/favicons/android-icon-192x192.png">
<link rel="icon" type="image/png" sizes="32x32"
href="/images/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="96x96"
href="/images/favicons/favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16"
href="/images/favicons/favicon-16x16.png">
<link rel="manifest" href="/images/favicons/manifest.json">
<meta name="msapplication-TileColor" content="#ffffff">
<meta name="msapplication-TileImage"
content="/images/favicons/ms-icon-144x144.png">
<meta name="theme-color" content="#ffffff">

38
docs/_includes/footer.html
View File

@ -1,38 +0,0 @@
<footer class="site-footer">
<div class="wrapper">
<h2 class="footer-heading">{{ site.title }}</h2>
<div class="footer-col-wrapper">
<div class="footer-col footer-col-1">
<ul class="contact-list">
<li><a href="http://wemake.services">wemake.services</a></li>
<li><a href="mailto:{{ site.email }}">{{ site.email }}</a></li>
</ul>
</div>
<div class="footer-col footer-col-2">
<ul class="social-media-list">
{% if site.github_username %}
<li>
{% include icon-github.html username=site.github_username %}
</li>
{% endif %}
{% if site.twitter_username %}
<li>
{% include icon-twitter.html username=site.twitter_username %}
</li>
{% endif %}
</ul>
</div>
<div class="footer-col footer-col-3">
<p>{{ site.description }}</p>
</div>
</div>
</div>
</footer>

18
docs/_includes/head.html
View File

@ -1,18 +0,0 @@
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>{% if page.title %}{{ page.title }}{% else %}{{ site.title }}{% endif %}</title>
<meta name="description" content="{% if page.excerpt %}{{ page.excerpt | strip_html | strip_newlines | truncate: 160 }}{% else %}{{ site.description }}{% endif %}">
<link rel="stylesheet" href="{{ "/css/main.css" | prepend: site.baseurl }}">
<link rel="canonical"
href="{{ page.url | replace:'index.html','' | prepend: site.baseurl | prepend: site.url }}">
<link rel="alternate" type="application/rss+xml" title="{{ site.title }}"
href="{{ "/feed.xml" | prepend: site.baseurl | prepend: site.url }}">
{% include favicons.html %}
{% seo %}
</head>

38
docs/_includes/header.html
View File

@ -1,38 +0,0 @@
<header class="site-header">
<div class="wrapper">
<a class="site-title" href="{{ site.baseurl }}/">
{{ site.title }} v{% include version.txt %}
</a>
<div class="site-nav">
<a href="#" class="menu-icon">
<svg viewBox="0 0 18 15">
<path fill="#424242" d="M18,1.484c0,0.82-0.665,1.484-1.484,1.484H1.484C0.665,2.969,0,2.304,0,1.484l0,0C0,0.665,0.665,0,1.484,0 h15.031C17.335,0,18,0.665,18,1.484L18,1.484z"/>
<path fill="#424242" d="M18,7.516C18,8.335,17.335,9,16.516,9H1.484C0.665,9,0,8.335,0,7.516l0,0c0-0.82,0.665-1.484,1.484-1.484 h15.031C17.335,6.031,18,6.696,18,7.516L18,7.516z"/>
<path fill="#424242" d="M18,13.516C18,14.335,17.335,15,16.516,15H1.484C0.665,15,0,14.335,0,13.516l0,0 c0-0.82,0.665-1.484,1.484-1.484h15.031C17.335,12.031,18,12.696,18,13.516L18,13.516z"/>
</svg>
</a>
<div class="trigger">
<!-- Place this tag where you want the button to render. -->
<a class="github-button" href="https://github.com/sobolevn/git-secret" data-icon="octicon-star" data-size="large" data-show-count="true" aria-label="Star git-secret on GitHub">
Star
</a>
</div>
</div>
</div>
<nav class="site-navigation">
<a href="{{ "/installation" | prepend: site.baseurl }}">Installation</a>
<a href="{{ "/#commands" | prepend: site.baseurl }}">Commands</a>
<a href="{{ "/plugins" | prepend: site.baseurl }}">External plugins</a>
<a href="{{ site.github_changelog }}">Changelog</a>
</nav>
</header>
<!-- Required for GitHub buttons. -->
<script async defer src="https://buttons.github.io/buttons.js"></script>

4
docs/_includes/icon-github.html
View File

@ -1,4 +0,0 @@
<a href="https://github.com/{{ include.username }}">
<span class="icon icon--github">{% include icon-github.svg %}</span>
<span class="username">{{ include.username }}</span>
</a>

1
docs/_includes/icon-github.svg
View File

@ -1 +0,0 @@
<svg viewBox="0 0 16 16"><path fill="#828282" d="M7.999,0.431c-4.285,0-7.76,3.474-7.76,7.761 c0,3.428,2.223,6.337,5.307,7.363c0.388,0.071,0.53-0.168,0.53-0.374c0-0.184-0.007-0.672-0.01-1.32 c-2.159,0.469-2.614-1.04-2.614-1.04c-0.353-0.896-0.862-1.135-0.862-1.135c-0.705-0.481,0.053-0.472,0.053-0.472 c0.779,0.055,1.189,0.8,1.189,0.8c0.692,1.186,1.816,0.843,2.258,0.645c0.071-0.502,0.271-0.843,0.493-1.037 C4.86,11.425,3.049,10.76,3.049,7.786c0-0.847,0.302-1.54,0.799-2.082C3.768,5.507,3.501,4.718,3.924,3.65 c0,0,0.652-0.209,2.134,0.796C6.677,4.273,7.34,4.187,8,4.184c0.659,0.003,1.323,0.089,1.943,0.261 c1.482-1.004,2.132-0.796,2.132-0.796c0.423,1.068,0.157,1.857,0.077,2.054c0.497,0.542,0.798,1.235,0.798,2.082 c0,2.981-1.814,3.637-3.543,3.829c0.279,0.24,0.527,0.713,0.527,1.437c0,1.037-0.01,1.874-0.01,2.129 c0,0.208,0.14,0.449,0.534,0.373c3.081-1.028,5.302-3.935,5.302-7.362C15.76,3.906,12.285,0.431,7.999,0.431z"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 926 B

4
docs/_includes/icon-twitter.html
View File

@ -1,4 +0,0 @@
<a href="https://twitter.com/{{ include.username }}">
<span class="icon icon--twitter">{% include icon-twitter.svg %}</span>
<span class="username">{{ include.username }}</span>
</a>

1
docs/_includes/icon-twitter.svg
View File

@ -1 +0,0 @@
<svg viewBox="0 0 16 16"><path fill="#828282" d="M15.969,3.058c-0.586,0.26-1.217,0.436-1.878,0.515c0.675-0.405,1.194-1.045,1.438-1.809c-0.632,0.375-1.332,0.647-2.076,0.793c-0.596-0.636-1.446-1.033-2.387-1.033c-1.806,0-3.27,1.464-3.27,3.27 c0,0.256,0.029,0.506,0.085,0.745C5.163,5.404,2.753,4.102,1.14,2.124C0.859,2.607,0.698,3.168,0.698,3.767 c0,1.134,0.577,2.135,1.455,2.722C1.616,6.472,1.112,6.325,0.671,6.08c0,0.014,0,0.027,0,0.041c0,1.584,1.127,2.906,2.623,3.206 C3.02,9.402,2.731,9.442,2.433,9.442c-0.211,0-0.416-0.021-0.615-0.059c0.416,1.299,1.624,2.245,3.055,2.271 c-1.119,0.877-2.529,1.4-4.061,1.4c-0.264,0-0.524-0.015-0.78-0.046c1.447,0.928,3.166,1.469,5.013,1.469 c6.015,0,9.304-4.983,9.304-9.304c0-0.142-0.003-0.283-0.009-0.423C14.976,4.29,15.531,3.714,15.969,3.058z"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 787 B

49
docs/_includes/why.md
View File

@ -1,49 +0,0 @@
## Intro
There's a well known issue with deploying and configuring software on servers:
generally you have to store your private data
(such as database passwords, application secret-keys, OAuth secret keys, etc)
outside of the git repository.
If you do choose to store these secrets unencrypted in your git repo,
even if the repository is private, it is a security risk to copy
the secrets everywhere you check out your repo.
What are some drawbacks of storing secrets separately from your git repo?
1. These files are not version controlled.
Filenames, locations, and passwords change from time to time,
or new information appears, and other information is removed.
When secrets are stored separately from your repo,
you can not tell for sure which version of the configuration file was used with each commit
or deploy.
2. When building the automated deployment system there will be one extra step:
download and place these secret-configuration files where they need to be.
This also means you have to maintain extra secure servers where all your secrets are stored.
### How does `git-secret` solve these problems?
1. `git-secret` encrypts files and stores them inside your `git` repository, providing a history of changes for every commit.
2. `git-secret` doesn't require any extra deploy operations other than providing the appropriate
private key (to allow decryption), and using `git secret reveal`
to decrypt all the secret files.
### What is `git-secret`?
`git-secret` is a bash tool to store your private data inside a `git` repo.
How's that? Basically, it uses `gpg` to encrypt files with the
public keys of the users that you trust, and which you have specified with
`git secret tell email@address.id`.
Then these users can decrypt these files using their personal secret key.
Why deal with all this private/public key stuff?
To make it easier to manage access rights.
When you want to remove someone's access, use `git secret removeperson email@address.id`
to delete their public key from your repo's git-secret keyring, and reencrypt the files.
Then they won't be able to decrypt secrets anymore.
[![git-secret terminal preview](https://raw.githubusercontent.com/sobolevn/git-secret/master/git-secret.gif)](https://asciinema.org/a/41811?autoplay=1)

22
docs/_layouts/default.html
View File

@ -1,22 +0,0 @@
<!DOCTYPE html>
<html>
{% include head.html %}
<body>
{% include header.html %}
<div class="page-content">
<div class="wrapper">
{{ content }}
</div>
</div>
{% include footer.html %}
<!-- Place this tag in your head or just before your close body tag. -->
<script async defer src="https://buttons.github.io/buttons.js"></script>
</body>
</html>

14
docs/_layouts/page.html
View File

@ -1,14 +0,0 @@
---
layout: default
---
<article class="post">
<header class="post-header">
<h1 class="post-title">{{ page.title }}</h1>
</header>
<div class="post-content">
{{ content }}
</div>
</article>

30
docs/_layouts/post.html
View File

@ -1,30 +0,0 @@
---
layout: default
---
<article class="post" itemscope itemtype="http://schema.org/BlogPosting">
<header class="post-header">
<h1 class="post-title" itemprop="name headline">
{{ page.title }}
</h1>
<p class="post-meta">
<time datetime="{{ page.date | date_to_xmlschema }}" itemprop="datePublished">
{{ page.date | date: "%b %-d, %Y" }}
</time>
{% if page.author %}
<span itemprop="author" itemscope itemtype="http://schema.org/Person">
<span itemprop="name">
{{ page.author }}
</span>
</span>
{% endif %}
</p>
</header>
<div class="post-content" itemprop="articleBody">
{{ content }}
</div>
</article>

206
docs/_sass/_base.scss
View File

@ -1,206 +0,0 @@
/**
* Reset some basic elements
*/
body, h1, h2, h3, h4, h5, h6,
p, blockquote, pre, hr,
dl, dd, ol, ul, figure {
margin: 0;
padding: 0;
}
/**
* Basic styling
*/
body {
font: $base-font-weight #{$base-font-size}/#{$base-line-height} $base-font-family;
color: $text-color;
background-color: $background-color;
-webkit-text-size-adjust: 100%;
-webkit-font-feature-settings: "kern" 1;
-moz-font-feature-settings: "kern" 1;
-o-font-feature-settings: "kern" 1;
font-feature-settings: "kern" 1;
font-kerning: normal;
}
/**
* Set `margin-bottom` to maintain vertical rhythm
*/
h1, h2, h3, h4, h5, h6,
p, blockquote, pre,
ul, ol, dl, figure,
%vertical-rhythm {
margin-bottom: $spacing-unit / 2;
}
/**
* Images
*/
img {
max-width: 100%;
vertical-align: middle;
}
/**
* Figures
*/
figure > img {
display: block;
}
figcaption {
font-size: $small-font-size;
}
/**
* Lists
*/
ul, ol {
margin-left: $spacing-unit;
}
li {
> ul,
> ol {
margin-bottom: 0;
}
}
/**
* Headings
*/
h1, h2, h3, h4, h5, h6 {
font-weight: $base-font-weight;
}
/**
* Links
*/
a {
color: $brand-color;
text-decoration: none;
&:visited {
color: darken($brand-color, 15%);
}
&:hover {
color: $text-color;
text-decoration: underline;
}
}
/**
* Blockquotes
*/
blockquote {
color: $purple-color;
border-left: 4px solid $purple-color-light;
padding-left: $spacing-unit / 2;
font-size: 18px;
letter-spacing: -1px;
font-style: italic;
> :last-child {
margin-bottom: 0;
}
}
/**
* Code formatting
*/
pre,
code {
font-size: 15px;
border: 1px solid $purple-color-light;
border-radius: 3px;
background-color: #eef;
}
code {
padding: 1px 5px;
}
pre {
padding: 8px 12px;
overflow-x: auto;
> code {
border: 0;
padding-right: 0;
padding-left: 0;
}
}
/**
* Wrapper
*/
.wrapper {
max-width: -webkit-calc(#{$content-width} - (#{$spacing-unit} * 2));
max-width: calc(#{$content-width} - (#{$spacing-unit} * 2));
margin-right: auto;
margin-left: auto;
padding-right: $spacing-unit;
padding-left: $spacing-unit;
@extend %clearfix;
@include media-query($on-laptop) {
max-width: -webkit-calc(#{$content-width} - (#{$spacing-unit}));
max-width: calc(#{$content-width} - (#{$spacing-unit}));
padding-right: $spacing-unit / 2;
padding-left: $spacing-unit / 2;
}
}
/**
* Clearfix
*/
%clearfix {
&:after {
content: "";
display: table;
clear: both;
}
}
/**
* Icons
*/
.icon {
> svg {
display: inline-block;
width: 16px;
height: 16px;
vertical-align: middle;
path {
fill: $purple-color;
}
}
}

276
docs/_sass/_layout.scss
View File

@ -1,276 +0,0 @@
/**
* Site header
*/
.site-header {
border-top: 5px solid $purple-color-dark;
border-bottom: 1px solid $purple-color-light;
min-height: 56px;
// Positioning context for the mobile navigation icon
position: relative;
}
.site-title {
font-size: 26px;
font-weight: 300;
line-height: 56px;
letter-spacing: -1px;
margin-bottom: 0;
float: left;
&,
&:visited {
color: $purple-color-dark;
}
}
.site-nav {
@extend %clearfix;
float: right;
line-height: 56px;
.menu-icon {
display: none;
}
.page-link {
color: $text-color;
line-height: $base-line-height;
// Gaps between nav items, but not on the last one
&:not(:last-child) {
margin-right: 20px;
}
}
@include media-query($on-palm) {
position: absolute;
top: 9px;
right: $spacing-unit / 2;
background-color: $background-color;
border: 1px solid $purple-color-light;
border-radius: 5px;
text-align: right;
.menu-icon {
display: block;
float: right;
width: 36px;
height: 26px;
line-height: 0;
padding-top: 10px;
text-align: center;
> svg {
width: 18px;
height: 15px;
path {
fill: $purple-color-dark;
}
}
}
.trigger {
clear: both;
display: none;
}
&:hover .trigger, &:active .trigger {
display: block;
padding-bottom: 5px;
}
.page-link {
display: block;
padding: 5px 10px;
&:not(:last-child) {
margin-right: 0;
}
margin-left: 20px;
}
}
.trigger {
padding-top: 13px;
}
}
/**
* Site footer
*/
.site-footer {
border-top: 1px solid $purple-color-light;
padding: $spacing-unit 0;
}
.footer-heading {
font-size: 18px;
margin-bottom: $spacing-unit / 2;
}
.contact-list,
.social-media-list {
list-style: none;
margin-left: 0;
}
.footer-col-wrapper {
font-size: 15px;
color: $grey-color;
margin-left: -$spacing-unit / 2;
@extend %clearfix;
}
.footer-col {
float: left;
margin-bottom: $spacing-unit / 2;
padding-left: $spacing-unit / 2;
}
.footer-col-1 {
width: -webkit-calc(35% - (#{$spacing-unit} / 2));
width: calc(35% - (#{$spacing-unit} / 2));
}
.footer-col-2 {
width: -webkit-calc(20% - (#{$spacing-unit} / 2));
width: calc(20% - (#{$spacing-unit} / 2));
}
.footer-col-3 {
width: -webkit-calc(45% - (#{$spacing-unit} / 2));
width: calc(45% - (#{$spacing-unit} / 2));
}
@include media-query($on-laptop) {
.footer-col-1,
.footer-col-2 {
width: -webkit-calc(50% - (#{$spacing-unit} / 2));
width: calc(50% - (#{$spacing-unit} / 2));
}
.footer-col-3 {
width: -webkit-calc(100% - (#{$spacing-unit} / 2));
width: calc(100% - (#{$spacing-unit} / 2));
}
}
@include media-query($on-palm) {
.footer-col {
float: none;
width: -webkit-calc(100% - (#{$spacing-unit} / 2));
width: calc(100% - (#{$spacing-unit} / 2));
}
}
/**
* Page content
*/
.page-content {
padding: $spacing-unit 0;
}
.page-heading {
font-size: 20px;
}
.post-list {
li {
margin-bottom: 10px;
}
}
.post-meta {
font-size: $small-font-size;
color: $grey-color;
}
.post-link {
display: block;
font-size: 24px;
}
/**
* Posts
*/
.post-header {
margin-bottom: $spacing-unit;
}
.post-title {
font-size: 42px;
letter-spacing: -1px;
line-height: 1;
@include media-query($on-laptop) {
font-size: 36px;
}
}
.post-content {
margin-bottom: $spacing-unit;
h2 {
font-size: 32px;
@include media-query($on-laptop) {
font-size: 28px;
}
}
h3 {
font-size: 26px;
@include media-query($on-laptop) {
font-size: 22px;
}
}
h4 {
font-size: 20px;
@include media-query($on-laptop) {
font-size: 18px;
}
}
}
/**
* Navigation
*/
.site-navigation {
@extend .wrapper;
display: flex;
justify-content: space-between;
flex-wrap: wrap;
a {
color: $purple-color-dark;
@include media-query($on-laptop) {
flex-basis: 100%;
text-align: center;
}
}
}
/**
* Homepage
*/
.home {
.home-logo-image {
margin-top: 50px;
margin-bottom: 70px;
}
}

71
docs/_sass/_syntax-highlighting.scss
View File

@ -1,71 +0,0 @@
/**
* Syntax highlighting styles
*/
.highlight {
background: #fff;
@extend %vertical-rhythm;
.highlighter-rouge & {
background: #eef;
}
.c { color: #998; font-style: italic } // Comment
.err { color: #a61717; background-color: #e3d2d2 } // Error
.k { font-weight: bold } // Keyword
.o { font-weight: bold } // Operator
.cm { color: #998; font-style: italic } // Comment.Multiline
.cp { color: #999; font-weight: bold } // Comment.Preproc
.c1 { color: #998; font-style: italic } // Comment.Single
.cs { color: #999; font-weight: bold; font-style: italic } // Comment.Special
.gd { color: #000; background-color: #fdd } // Generic.Deleted
.gd .x { color: #000; background-color: #faa } // Generic.Deleted.Specific
.ge { font-style: italic } // Generic.Emph
.gr { color: #a00 } // Generic.Error
.gh { color: #999 } // Generic.Heading
.gi { color: #000; background-color: #dfd } // Generic.Inserted
.gi .x { color: #000; background-color: #afa } // Generic.Inserted.Specific
.go { color: #888 } // Generic.Output
.gp { color: #555 } // Generic.Prompt
.gs { font-weight: bold } // Generic.Strong
.gu { color: #aaa } // Generic.Subheading
.gt { color: #a00 } // Generic.Traceback
.kc { font-weight: bold } // Keyword.Constant
.kd { font-weight: bold } // Keyword.Declaration
.kp { font-weight: bold } // Keyword.Pseudo
.kr { font-weight: bold } // Keyword.Reserved
.kt { color: #458; font-weight: bold } // Keyword.Type
.m { color: #099 } // Literal.Number
.s { color: #d14 } // Literal.String
.na { color: #008080 } // Name.Attribute
.nb { color: #0086B3 } // Name.Builtin
.nc { color: #458; font-weight: bold } // Name.Class
.no { color: #008080 } // Name.Constant
.ni { color: #800080 } // Name.Entity
.ne { color: #900; font-weight: bold } // Name.Exception
.nf { color: #900; font-weight: bold } // Name.Function
.nn { color: #555 } // Name.Namespace
.nt { color: #000080 } // Name.Tag
.nv { color: #008080 } // Name.Variable
.ow { font-weight: bold } // Operator.Word
.w { color: #bbb } // Text.Whitespace
.mf { color: #099 } // Literal.Number.Float
.mh { color: #099 } // Literal.Number.Hex
.mi { color: #099 } // Literal.Number.Integer
.mo { color: #099 } // Literal.Number.Oct
.sb { color: #d14 } // Literal.String.Backtick
.sc { color: #d14 } // Literal.String.Char
.sd { color: #d14 } // Literal.String.Doc
.s2 { color: #d14 } // Literal.String.Double
.se { color: #d14 } // Literal.String.Escape
.sh { color: #d14 } // Literal.String.Heredoc
.si { color: #d14 } // Literal.String.Interpol
.sx { color: #d14 } // Literal.String.Other
.sr { color: #009926 } // Literal.String.Regex
.s1 { color: #d14 } // Literal.String.Single
.ss { color: #990073 } // Literal.String.Symbol
.bp { color: #999 } // Name.Builtin.Pseudo
.vc { color: #008080 } // Name.Variable.Class
.vg { color: #008080 } // Name.Variable.Global
.vi { color: #008080 } // Name.Variable.Instance
.il { color: #099 } // Literal.Number.Integer.Long
}

79
docs/build.sh
View File

@ -1,79 +0,0 @@
#!/usr/bin/env bash
# Should be called from the root folder, not inside `docs/` folder
# See `make build-docs`
set -e
MAN_LOCATION='man/man1'
MAN7_LOCATION='man/man7'
POSTS_LOCATION='docs/_posts'
function checkout_manuals {
cp -r man/ docs/man
}
function copy_to_posts {
# Cleaning old files:
rm -f "$POSTS_LOCATION/*.md"
rm -rf "$POSTS_LOCATION"
mkdir -p "$POSTS_LOCATION"
# Moving new command files:
local timestamp
local current_date
timestamp=$(date "+%Y-%m-%d %H:%M:%S %z")
current_date=$(date "+%Y-%m-%d")
# Creating command reference:
for com in "$MAN_LOCATION"/git-secret-*.1.md; do
local short_name
short_name=$(echo "$com" | sed -n "s|$MAN_LOCATION/\(.*\)\.1\.md|\1|p")
local command_header="---
layout: post
title: '${short_name}'
date: ${timestamp}
permalink: ${short_name}
categories: command
---"
local post_filename="$POSTS_LOCATION/${current_date}-${short_name}.md"
echo "$command_header" > "$post_filename"
cat "$com" >> "$post_filename"
done
# Creating main usage file:
local usage_header="---
layout: post
title: 'git-secret'
date: ${timestamp}
permalink: git-secret
categories: usage
---"
local usage_filename="$POSTS_LOCATION/${current_date}-git-secret.md"
echo "$usage_header" > "$usage_filename"
cat "$MAN7_LOCATION/git-secret.7.md" >> "$usage_filename"
}
function copy_install_scripts {
# We test these scripts using `release-ci`,
# so, installation instructions will always be up-to-date:
cp utils/deb/install.sh docs/_includes/install-deb.sh
cp utils/rpm/install.sh docs/_includes/install-rpm.sh
cp utils/apk/install.sh docs/_includes/install-apk.sh
}
function copy_version {
./git-secret --version > docs/_includes/version.txt
}
checkout_manuals
copy_to_posts
copy_install_scripts
copy_version

58
docs/css/main.scss
View File

@ -1,58 +0,0 @@
---
# Only the main Sass file needs front matter (the dashes are enough)
---
@charset "utf-8";
// Our variables
$base-font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
$base-font-size: 16px;
$base-font-weight: 400;
$small-font-size: $base-font-size * 0.875;
$base-line-height: 1.5;
$spacing-unit: 30px;
$text-color: #111;
$background-color: #fdfdfd;
$grey-color: #828282;
$grey-color-light: lighten($grey-color, 40%);
$grey-color-dark: darken($grey-color, 25%);
$purple-color: rgb(238, 81, 59);
$purple-color-light: lighten($purple-color, 40%);
$purple-color-dark: darken($purple-color, 25%);
$brand-color: $purple-color;
// Width of the content area
$content-width: 800px;
$on-palm: 600px;
$on-laptop: 800px;
// Use media queries like this:
// @include media-query($on-palm) {
// .wrapper {
// padding-right: $spacing-unit / 2;
// padding-left: $spacing-unit / 2;
// }
// }
@mixin media-query($device) {
@media screen and (max-width: $device) {
@content;
}
}
// Import partials from `sass_dir` (defaults to `_sass`)
@import
"base",
"layout",
"syntax-highlighting"
;

30
docs/feed.xml
View File

@ -1,30 +0,0 @@
---
layout: null
---
<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>{{ site.title | xml_escape }}</title>
<description>{{ site.description | xml_escape }}</description>
<link>{{ site.url }}{{ site.baseurl }}/</link>
<atom:link href="{{ "/feed.xml" | prepend: site.baseurl | prepend: site.url }}" rel="self" type="application/rss+xml"/>
<pubDate>{{ site.time | date_to_rfc822 }}</pubDate>
<lastBuildDate>{{ site.time | date_to_rfc822 }}</lastBuildDate>
<generator>Jekyll v{{ jekyll.version }}</generator>
{% for post in site.posts limit:10 %}
<item>
<title>{{ post.title | xml_escape }}</title>
<description>{{ post.content | xml_escape }}</description>
<pubDate>{{ post.date | date_to_rfc822 }}</pubDate>
<link>{{ post.url | prepend: site.baseurl | prepend: site.url }}</link>
<guid isPermaLink="true">{{ post.url | prepend: site.baseurl | prepend: site.url }}</guid>
{% for tag in post.tags %}
<category>{{ tag | xml_escape }}</category>
{% endfor %}
{% for cat in post.categories %}
<category>{{ cat | xml_escape }}</category>
{% endfor %}
</item>
{% endfor %}
</channel>
</rss>

BIN
docs/images/favicons/android-icon-144x144.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.8 KiB

BIN
docs/images/favicons/android-icon-192x192.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.7 KiB

BIN
docs/images/favicons/android-icon-36x36.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.7 KiB

BIN
docs/images/favicons/android-icon-48x48.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.8 KiB

BIN
docs/images/favicons/android-icon-72x72.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.3 KiB

BIN
docs/images/favicons/android-icon-96x96.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.7 KiB

BIN
docs/images/favicons/apple-icon-114x114.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.3 KiB

BIN
docs/images/favicons/apple-icon-120x120.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.4 KiB

BIN
docs/images/favicons/apple-icon-144x144.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.8 KiB

BIN
docs/images/favicons/apple-icon-152x152.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.2 KiB

BIN
docs/images/favicons/apple-icon-180x180.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 5.0 KiB

BIN
docs/images/favicons/apple-icon-57x57.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.2 KiB

BIN
docs/images/favicons/apple-icon-60x60.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.2 KiB

BIN
docs/images/favicons/apple-icon-72x72.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.3 KiB

BIN
docs/images/favicons/apple-icon-76x76.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.4 KiB

BIN
docs/images/favicons/apple-icon-precomposed.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.3 KiB

BIN
docs/images/favicons/apple-icon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.3 KiB

2
docs/images/favicons/browserconfig.xml
View File

@ -1,2 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<browserconfig><msapplication><tile><square70x70logo src="/ms-icon-70x70.png"/><square150x150logo src="/ms-icon-150x150.png"/><square310x310logo src="/ms-icon-310x310.png"/><TileColor>#ffffff</TileColor></tile></msapplication></browserconfig>

BIN
docs/images/favicons/favicon-16x16.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.2 KiB

BIN
docs/images/favicons/favicon-32x32.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.6 KiB

BIN
docs/images/favicons/favicon-96x96.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.7 KiB

BIN
docs/images/favicons/favicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.1 KiB

41
docs/images/favicons/manifest.json
View File

@ -1,41 +0,0 @@
{
"name": "App",
"icons": [
{
"src": "\/android-icon-36x36.png",
"sizes": "36x36",
"type": "image\/png",
"density": "0.75"
},
{
"src": "\/android-icon-48x48.png",
"sizes": "48x48",
"type": "image\/png",
"density": "1.0"
},
{
"src": "\/android-icon-72x72.png",
"sizes": "72x72",
"type": "image\/png",
"density": "1.5"
},
{
"src": "\/android-icon-96x96.png",
"sizes": "96x96",
"type": "image\/png",
"density": "2.0"
},
{
"src": "\/android-icon-144x144.png",
"sizes": "144x144",
"type": "image\/png",
"density": "3.0"
},
{
"src": "\/android-icon-192x192.png",
"sizes": "192x192",
"type": "image\/png",
"density": "4.0"
}
]
}

BIN
docs/images/favicons/ms-icon-144x144.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.8 KiB

BIN
docs/images/favicons/ms-icon-150x150.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.2 KiB

BIN
docs/images/favicons/ms-icon-310x310.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 17 KiB

BIN
docs/images/favicons/ms-icon-70x70.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.3 KiB

BIN
docs/images/git-secret-big.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 27 KiB

BIN
docs/images/git-secret-sm.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.7 KiB

43
docs/index.html
View File

@ -1,43 +0,0 @@
---
layout: default
---
<div class="home">
<img src="{{ "/images/git-secret-big.png" | prepend: site.baseurl }}"
alt="git-secret"
title="git-secret"
class="home-logo-image" />
<h1>Synopsis</h1>
{% capture markdown_file %}
{% include why.md %}
{% endcapture %}
{{ markdown_file | markdownify }}
{% for post in site.categories.usage %}
{{ post.content }}
{% endfor %}
<h2 class="page-heading" id="commands">Command Reference</h2>
<ul class="post-list">
{% for post in site.categories.command %}
<li>
<h2>
<a class="post-link" href="{{ post.url | prepend: site.baseurl }}">
{{ post.title }}
</a>
</h2>
</li>
{% endfor %}
</ul>
<p class="rss-subscribe">
subscribe
<a href="{{ "/feed.xml" | prepend: site.baseurl }}">via RSS</a>
</p>
</div>

156
docs/installation.md
View File

@ -1,156 +0,0 @@
---
layout: default
---
# Installation
## Dependencies
`git-secret` relies on two dependencies: `git` and `gpg`. Download and install them before using this project. `git-secret` is tested to work with:
```
git version 2.7.0
gpg (GnuPG) 1.4.20
```
## Supported platforms
`git-secret` is tested with `Mac OS X` >= 10.9, `Ubuntu` >= 14.04, `Debian` >= 8.3,
`Fedora` / `Rocky Linux` / `AlmaLinux`, `FreeBSD`, and `Windows` >= 10 using `WSL`.
You can check the full list of automated test platforms
[here](https://github.com/sobolevn/git-secret/blob/master/.github/workflows/test.yml).
We are always interested in getting `git-secret` working and tested on additional systems.
If you get `git-secret` working on a new system and the tests pass for you,
you can add a GitHub Action to test your platform to that file.
Also we welcome improvements to tests or `git-secret` code for any platform.
## Installation process
There are several ways to install `git-secret`, depending on your OS and distribution.
They generally all have different installation processes, so we only go into
a short explanation of each.
(We welcome documentation improvements.)
---
### Mac OS X / Homebrew
This is a packaging system for OSX. To install `git-secret` on OSX, you can install
`homebrew` and then use:
```bash
brew install git-secret
````
---
### Debian-Type Systems / `deb` package
`deb` is a packaging system for [Debian](https://www.debian.org/) and related linux
distributions.
You can find the `deb` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-deb/).
Pre-requirements: make sure you have installed `apt-transport-https` and `ca-certificates`
```bash
{% include install-deb.sh %}
```
---
### Red Hat Systems / `rpm` package
`rpm` is a packaging system for Fedora, CentOS, and other Red Hat based linux distributions.
You can find the `rpm` repository [here](https://gitsecret.jfrog.io/artifactory/git-secret-rpm/).
```bash
{% include install-rpm.sh %}
```
---
### Alpine Systems / `apk` package
`apk` is a packaging system for Alpine.
You can find the `apk` `git-secret` packaging
[here](https://gitsecret.jfrog.io/artifactory/git-secret-apk/),
and you can see a list of supported architectures
[here](https://github.com/sobolevn/git-secret/blob/master/utils/apk/meta.sh)
```bash
{% include install-apk.sh %}
```
---
### Arch Linux
Use `Manual Installation` method described below.
---
### Windows / `WSL`, `Cygwin`, `MSYS`, or `Mingw-w64`
`git-secret` depends on many unix tools and features that Windows systems do not usually
include by default. Therefore to get `git-secret` running on Windows you have to
install these tools, probably using one of the toolkits described below.
Each has a different install and setup process. There may also be other
ways to install the unix prerequisites on Windows.
Once the prerequisite unix tools are installed,
you can use the Manual Installation instructions below to
manually install `git-secret` (see below).
Some ways to install the required unix tools on windows include
WSL, CYGWIN, MSYS, and Mingw-w64
(internally, these tools may share some components).
Documenting how each is installed and used is beyond the scope of this document,
so we will cover the topic in broad strokes. Improvements to this documentation
(or any other git-secret documentation) are welcome.
Again, after you install the unix tools needed, you can install
`git-secret` on windows using the `Manual Installation` steps below.
#### WSL
Perhaps the easiest way to get `git-secret` operating on windows is using `WSL`
(if your system supports it).
Here are instructions to install [WSL](https://docs.microsoft.com/en-us/windows/wsl/install)
You'll need to install these additional packages: `gnupg`, `make`, `man`, `git`, `gawk`, `file`.
We have successfully set up automated testing of `git-secret` on `WSL`,
so we are confident this method works.
#### Mingw-w64
Another way to install the prerequisites for `git-secret` on Windows is to use
[Mingw-w64](https://www.mingw-w64.org/) and install the needed packages.
By default, the `Mingw-w64` installation will be saved to `C:\msys64`. You'll need to
install `make` and probably other tools such as `gnupg`, `make`, `man`, `git`, and `gawk`.
(This list might not be complete).
#### MSYS and Cygwin
`git-secret` also works with [MSYS](https://www.msys2.org/)
and [Cygwin](https://www.cygwin.com/), and we have gotten _most_ of the way to getting
`git-secret`'s self-tests running on these setups with Windows (see
[windows-related issues](https://github.com/sobolevn/git-secret/issues?q=is%3Aissue+is%3Aopen+windows)).
We welcome contributions to `git-secret` and its documentation .
---
### Manual Installation
```bash
git clone https://github.com/sobolevn/git-secret.git git-secret
cd git-secret && make build
PREFIX="/usr/local" make install
```
Note that you can change `PREFIX` to be any directory you subsequently include in in your `PATH`
environment variable. We generally recommend you stick to the default
install locations for simplicity, but if you know what you're doing you are welcome to change it.

9
docs/plugins.md
View File

@ -1,9 +0,0 @@
---
layout: default
---
# External plugins
Here's a list of external plugins for `git-secret` developed by other awesome developers:
- [git-secret-diff](https://github.com/msilvestre/git-secret-diff) adds `git secret diff` command similar to `git diff` to see changes in your secrets in different commits

BIN
git-secret.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 555 KiB

21
git-secret.plugin.zsh Normal file
View File

@ -0,0 +1,21 @@
#!/usr/bin/env zsh
# Copyright 2016 Sobolev Nikita <mail@sobolevn.me>
#
# Licensed under the MIT License
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Create binary:
PLUGIN_DIR="$(dirname "$0")"
if [ ! -f "$PLUGIN_DIR/git-secret" ]; then
cd "$PLUGIN_DIR" && make build && cd ..
fi
# Add our plugin's bin diretory to user's path
export PATH="${PATH}:${PLUGIN_DIR}"

BIN
man/man1/git-secret-add.1
View File

Binary file not shown.

39
man/man1/git-secret-add.1.md
View File

@ -1,39 +0,0 @@
git-secret-add - starts to track added files.
=============================================
## SYNOPSIS
git secret add [-v] [-i] <pathspec>...
## DESCRIPTION
`git secret add` - tells `git secret` which files hold secrets.
Adds filepath(s) into `.gitsecret/paths/mapping.cfg`.
(It is not recommended to alter `.gitsecret/paths/mapping.cfg` manually.)
As of 0.2.6, this command also ensures the filepath is in `.gitignore`
as the contents are now considered secret and should not be committed into the repository unencrypted.
The `add` action will fail unless there are already users in `git-secret`'s keyring.
(See [git-secret(7)](https://git-secret.io/git-secret) for information about renaming the .gitsecret
folder using the SECRETS_DIR environment variable.
## OPTIONS
-v - verbose, shows extra information.
-i - does nothing, adding paths to .gitignore is now the default behavior.
-h - shows this help.
## MANUAL
Run `man git-secret-add` to see this document.
## SEE ALSO
[git-secret-init(1)](https://git-secret.io/git-secret-init), [git-secret-tell(1)](https://git-secret.io/git-secret-tell),
[git-secret-hide(1)](https://git-secret.io/git-secret-hide), [git-secret-reveal(1)](https://git-secret.io/git-secret-reveal)

30
man/man1/git-secret-add.1.ronn Normal file
View File

@ -0,0 +1,30 @@
git-secret-add - starts to track added files.
=============================================
## SYNOPSIS
git secret add [-i] <pathspec>...
## DESCRIPTION
`git-secret-add` adds a filepath(es) into the `.gitsecret/paths/mapping.cfg`. When adding files, ensure that they are ignored by `git`, since they must be secure and not be commited into the remote repository unencrypted.
If there's no users in the `git-secret`'s keyring, when adding a file, an exception will be raised.
It is not recommened to add filenames directly into the `.gitsecret/paths/mapping.cfg`, use the command.
## OPTIONS
-i - auto adds given files to the `.gitignore` if they are unignored at the moment.
-h - shows this help.
## MANUAL
Run `man git-secret-add` to see this note.
## SEE ALSO
[git-secret-init(1)](http://git-secret.io/git-secret-init), [git-secret-tell(1)](http://git-secret.io/git-secret-tell), [git-secret-hide(1)](http://git-secret.io/git-secret-hide), [git-secret-reveal(1)](http://git-secret.io/git-secret-reveal)

Some files were not shown because too many files have changed in this diff Show More