2.9 KiB
git-secret
What is git-secret?
git-secret is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using gpg, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they won’t be able to decrypt secrets anymore.
Preview
Installation
git-secret supports brew, just type: brew install git-secret
It also supports apt and yum. You can also use make if you want to.
See the installation section for the details.
Requirements
git-secret relies on several external packages:
bashsince3.2.57(it is hard to tell the correctpatchrelease)gawksince4.0.2gitsince1.8.3.1gpgsincegnupg 1.4tognupg 2.Xsha256sumsince8.21
Contributing
Do you want to help the project? Find an issue and send a PR. It is more than welcomed! See CONTRIBUTING.md on how to do that.
Security
In order to encrypt (git-secret hide -m) files only when modified, the path
mappings file tracks sha256sum checksums of the files added (git-secret add) to
git-secret's path mappings filesystem database. Although, the chances of
encountering a sha collision are low, it is recommend that you pad files with
random data for greater security. Or avoid using the -m option altogether.
If your secret file holds more data than just a single password these
precautions should not be necessary, but could be followed for greater
security.
If you found any security related issues, please do not enclose it in public. Send an email to security@wemake.services
Changelog
git-secret uses semver. See CHANGELOG.md.
License
MIT. See LICENSE.md for details.
Thanks
Special thanks to Elio Qoshi from ura for the awesome logo.