a6d74bab4c
moved item in changelog to correct place |
||
---|---|---|
.ci | ||
.Dockerfiles | ||
.github | ||
docs | ||
man | ||
RFC | ||
src | ||
tests | ||
utils | ||
vendor | ||
.editorconfig | ||
.gitattributes | ||
.gitignore | ||
.kitchen.yml | ||
.travis.yml | ||
CHANGELOG.md | ||
CONTRIBUTING.md | ||
Gemfile | ||
git-secret.gif | ||
LICENSE.md | ||
Makefile | ||
README.md |
git-secret
What is git-secret
?
git-secret
is a bash tool which stores private data inside a git repo.
git-secret
encrypts files with permitted users' public keys,
allowing users you trust to access encrypted data using pgp and their secret keys.
With git-secret
, changes to access rights are simplified, and private-public key issues are handled for you.
When someone's permission is revoked, secrets do not need to be changed with git-secret
-
just remove their key from the keychain using git secret killperson their@email.com
,
re-encrypt the files, and they won't be able to decrypt secrets anymore.
If you think the user might have copied the secrets or keys when they had access, then
you should also change the secrets.
Preview
Installation
git-secret
supports brew
, just type: brew install git-secret
It also supports apt
and yum
. You can also use make
if you want to.
See the installation section for the details.
Requirements
git-secret
relies on several external packages:
bash
since3.2.57
(it is hard to tell the correctpatch
release)gawk
since4.0.2
git
since1.8.3.1
gpg
sincegnupg 1.4
tognupg 2.X
sha256sum
since8.21
(on freebsd and MacOSshasum
is used instead)
Contributing
Do you want to help the project? Find an issue and send a PR. It is more than welcomed! See CONTRIBUTING.md on how to do that.
Security
In order to encrypt (git-secret hide -m) files only when modified, the path
mappings file tracks sha256sum checksums of the files added (git-secret add) to
git-secret's path mappings filesystem database. Although, the chances of
encountering a sha collision are low, it is recommend that you pad files with
random data for greater security. Or avoid using the -m
option altogether.
If your secret file holds more data than just a single password these
precautions should not be necessary, but could be followed for greater
security.
If you found any security related issues, please do not disclose it in public. Send an email to security@wemake.services
Changelog
git-secret
uses semver. See CHANGELOG.md.
Packagers
Thanks also to all the people and groups who package git-secret to be easier to install on particular OSes or distributions!
Here are some packagings of git-secret that we're aware of:
- https://formulae.brew.sh/formula/git-secret
- https://packages.ubuntu.com/bionic/git-secret
- https://src.fedoraproject.org/rpms/git-secret
- https://aur.archlinux.org/packages/git-secret/
- https://pkgs.alpinelinux.org/package/edge/testing/x86/git-secret
- https://packages.debian.org/sid/git-secret
- https://github.com/void-linux/void-packages/blob/master/srcpkgs/git-secret/template
Such packages are considered 'downstream' because the git-secret code 'flows' from the git-secret repository to the various rpm/deb/dpkg/etc packages that are created for specific OSes and distributions.
We have also added notes specifically for packagers in CONTRIBUTING.md.
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
Backers
Thanks to all our backers!
Contributors
This project exists thanks to all the people who contribute. [Contribute].
License
MIT. See LICENSE.md for details.
Thanks
Special thanks to Elio Qoshi from ura for the awesome logo.