mirror of
https://github.com/sobolevn/git-secret
synced 2024-11-06 15:20:36 +00:00
5c25233b89
There are a lot of changes, multiple things were refactored: tests, some commands, building and meta. Several critical bugs fixed.

Changes:

1. Fixed #74, when `_user_required` was not working after reimporting keys
2. Closes #73, now it is possible to provide multiple emails to the `killperson` command
3. Closes #72, now it is possible to provide multiple emails to the `tell` command
4. Closes #71, now every doc in this project refers to `git-secret.io` instead of old `gh-pages` website
5. Closes #70, now installation section is removed from main `man` file
6. Closes #69, now "See also" sections in the `man`s are clickable
7. Closes #61, added "Manual" section to the manuals
8. Refs #38, added `centos` Dockerfile, but `ci` testing is still failing
9. Refs #52, tests are refactored. Added `clean` command tests, removed a lot of hardcoded things, moved tests execution from `./temp` folder to `/tmp`, added a lot of new checks in old tests, and some new test cases
10. Refactored `hide` and `clean` commands to be shorter
11. `shellcheck` is now supported with `make lint`

Additional features are not coming to 0.2.2 after this commit.
27 lines
2.5 KiB
Markdown
## Usage

These steps cover the basic process of using `git-secret`:

0. Before starting, make sure you have created a `gpg` RSA key pair: a public and a secret key identified by your email address.
1. Initialize the `git-secret` repository by running the `git secret init` command. The `.gitsecret/` folder will be created. **Note** that the `.gitsecret/` folder [should **not** be ignored](https://github.com/sobolevn/git-secret/issues/39).
2. Add the first user to the system by running `git secret tell your@gpg.email`.
3. Now add the files you wish to encrypt to the `git-secret` repository by running the `git secret add <filenames...>` command. Make sure these files are ignored by git; otherwise `git-secret` won't allow you to add them, because they would be stored in the repository unencrypted.
4. When done, run `git secret hide`: all files that you added with the `git secret add` command will be encrypted with the public keys added by the `git secret tell` command. Now it is safe to commit your changes. **But** it's recommended to add the `git secret hide` command to your `pre-commit` hook, so you won't miss any changes.
5. Now decrypt the files with the `git secret reveal` command. It will ask you for your password. And you're done!

### I want to add someone to the repository

1. Get their `gpg` public key. **You won't need their secret key.**
2. Import this key into your `gpg` keyring by running `gpg --import KEY_NAME`
3. Now add this person to `git-secret` by running `git secret tell persons@email.id`
4. Reencrypt the files; now they will be able to decrypt them with their secret key.

Note that it is possible to add yourself to the system without decrypting the existing files. It will be possible to decrypt them after they are reencrypted with the new keyring. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook.

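
One way to write such a `pre-receive` policy, added here as an example and not part of `git-secret` itself: it rejects pushes that change anything under `.gitsecret/` unless the pushing user is on an allowlist. `PUSH_USER`, `KEY_ADMINS` and `PROTECTED_PREFIX` are assumed names, and how your git server exposes the pushing user is deployment-specific.

```shell
#!/bin/sh
# Added example: server-side pre-receive hook guarding the git-secret keyring.
# Assumptions (not from git-secret): PUSH_USER is set by your git server or
# wrapper; KEY_ADMINS is a hypothetical allowlist of users who may change keys.
PROTECTED_PREFIX="${PROTECTED_PREFIX:-.gitsecret/}"  # narrow to your keyring path if desired
KEY_ADMINS="${KEY_ADMINS:-alice bob}"                # constructed sample names

# True when the object id is all zeros (ref creation/deletion marker).
is_zero() { case "$1" in *[!0]*) return 1 ;; *) return 0 ;; esac; }

# True when $1 appears in KEY_ADMINS.
is_key_admin() {
    for admin in $KEY_ADMINS; do
        [ "$admin" = "$1" ] && return 0
    done
    return 1
}

# Reads changed paths on stdin; true when one is under PROTECTED_PREFIX.
touches_protected() {
    while IFS= read -r path; do
        case "$path" in "$PROTECTED_PREFIX"*) return 0 ;; esac
    done
    return 1
}

# $1 = pushing user, stdin = changed paths. Only key admins may touch the prefix.
push_allowed() {
    if touches_protected; then is_key_admin "$1"; else return 0; fi
}

main() {
    while read -r old new ref; do
        is_zero "$new" && continue   # ref deletion: nothing to inspect
        if is_zero "$old"; then range="$new --not --all"; else range="$old..$new"; fi
        # Per-commit file list (-m includes merges), so add-then-remove is caught too.
        # shellcheck disable=SC2086
        if ! git log --format= --name-only -m $range | push_allowed "${PUSH_USER:-}"; then
            echo "rejected $ref: ${PROTECTED_PREFIX} may only be changed by: $KEY_ADMINS" >&2
            exit 1
        fi
    done
}

# Run only when installed as hooks/pre-receive, so the functions can be sourced and tested.
case "${0##*/}" in pre-receive) main ;; esac
```

With the default prefix the hook also covers the other files `git-secret` keeps in `.gitsecret/`, so pushes that add new secret files need a key admin as well unless you narrow `PROTECTED_PREFIX`.
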
## Configuration

You can configure several things to suit your workflow better. To do so, just set the required variable to the value you need. This can be done in your shell environment file or inline with each `git-secret` command.

These settings are available to be changed:

* `$SECRETS_GPG_COMMAND` - sets the `gpg` command to use, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so, rerun the tests to be sure that it won't break anything. Tested to be working with: `gpg`, `gpg2`.
* `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension.