Go to file
2017-11-27 23:19:01 -07:00
.ci Updating ansible version installed by avm, same as kitchen 2017-11-27 17:03:21 -07:00
.Dockerfiles Fixing issues with docker 17.07 ce and systemd 2017-11-27 10:55:31 -07:00
.github Fixes #95 2017-11-27 09:52:07 -07:00
man Adds documentation update 2017-09-24 13:57:19 -06:00
src Fix SC1126 2017-11-27 13:54:31 -07:00
tests Adding test for hide option '-m'. closes #109. 2017-11-27 22:30:39 -07:00
utils fix shellcheck error 2017-11-27 14:01:37 -07:00
.editorconfig fixes after makefile crash 2016-02-21 16:26:17 +03:00
.gitattributes fixes after makefile crash 2016-02-21 16:26:17 +03:00
.gitignore Updating ignore files 2017-09-20 23:05:06 -06:00
.kitchen.yml Bump ansible to latest release 2017-11-27 15:34:11 -07:00
.travis.yml Updating travis test matrix to reflect changes. 2017-11-27 16:45:19 -07:00
CHANGELOG.md Updating 2.3 full changelog. partial #110 2017-11-27 23:10:33 -07:00
CONTRIBUTING.md Update doc, to reflect where ci tests are actually located 2017-11-27 14:21:45 -07:00
Gemfile Add local ci tests. 2017-09-24 08:03:05 -06:00
git-secret.plugin.zsh Adds fixes to subdirectories bug. 2017-03-06 00:46:49 +03:00
LICENSE.md CONTRIBUTING.md added 2016-07-02 16:18:53 +03:00
Makefile Fix install-fpm target, typo in apk 2017-11-27 14:46:27 -07:00
README.md Improves README, refs #79. Update security note, closes #78 2017-11-27 22:57:11 -07:00

git-secret

Build Status Homebrew Bintray deb Dockerhub

git-secret

What is git-secret?

git-secret is a bash tool to store your private data inside a git repo. Hows that? Basically, it just encrypts, using gpg, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they wont be able to decrypt secrets anymore.

Preview

git-secret terminal preview

Installation

git-secret supports brew, just type: brew install git-secret

It also supports apt and yum. You can also use make if you want to.

See the installation section for the details.

Requirements

git-secret relies on several external packages:

  • bash since 3.2.57 (it is hard to tell the correct patch release)
  • gawk since 4.0.2
  • git since 1.8.3.1
  • gpg since gnupg 1.4 to gnupg 2.X
  • sha256sum since 8.21

Contributing

Do you want to help the project? Find an issue and send a PR. It is more than welcomed! See CONTRIBUTING.md on how to do that.

Security

In order to encrypt (git-secret hide -m) files only when modified, the path mappings file tracks sha256sum checksums of the files added (git-secret add) to git-secret's path mappings filesystem database. Although, the chances of encountering a sha collision are low, it is recommend that you pad files with random data for greater security. Or avoid using the -m option altogether. If your secret file holds more data than just a single password these precautions should not be necessary, but could be followed for greater security.

If you found any security related issues, please do not enclose it in public. Send an email to security@wemake.services

Changelog

git-secret uses semver. See CHANGELOG.md.

License

MIT. See LICENSE.md for details.

Thanks

Special thanks to Elio Qoshi from ura for the awesome logo.