focal (7) git-secret.7.gz

Provided by: git-secret_0.2.3-1_all bug

NAME
       git-secret


Usage
       These steps cover the basic process of using git-secret:

       1.  Before  starting,  make  sure  you have created gpg RSA key-pair: public and secret key identified by
           your email address.

       2.  Initialize git-secret repository by running git secret  init  command.  .gitsecret/  folder  will  be
           created,       note       that      .gitsecret/      folder      should      not      be      ignored
           https://github.com/sobolevn/git-secret/issues/39.

       3.  Add first user to the system by running git secret tell your@gpg.email.

       4.  Now it´s time to add files you wish to encrypt inside the git-secret repository. It can  be  done  by
           running  git  secret  add  <filenames...>  command.  Make  sure  these  files  are ignored, otherwise
           git-secret won´t allow you to add them, as these files will be stored unencrypted.

       5.  When done, run git secret hide all files, which you have added by git  secret  add  command  will  be
           encrypted  with  added  public-keys  by  the  git  secret tell command. Now it is safe to commit your
           changes. But. It´s recommended to add git secret hide command to your pre-commit hook, so  you  won´t
           miss any changes.

       6.  Now decrypt files with git secret reveal command. It will ask you for your password. And you´re done!

   I want to add someone to the repository
       1.  Get his gpg public-key. You won´t need their secret key.

       2.  Import this key inside your gpg by running gpg --import KEY_NAME

       3.  Now add this person to the git-secret by running git secret tell persons@email.id

       4.  Reencypt the files, now they will be able to decrypt them with their secret key.

       Note,  that  it  is  possible to add yourself to the system without decrypting existing files. It will be
       possible to decrypt them after reencrypting them with the new keyring. So, if you don´t  want  unexpected
       keys added, make sure to configure some server-side security policy with the pre-receive hook.


Configuration
       You  can  configure several things to suit your workflow better. To do so, just set the required variable
       to the value you need. This can be done in your shell  environment  file  or  with  the  each  git-secret
       command.

       These settings are available to be changed:

       •   $SECRETS_GPG_COMMAND  -  sets  the gpg alternatives, defaults to gpg. It can be changed to gpg, gpg2,
           pgp, /usr/local/gpg or any other value. After doing so rerun tests to be sure, that  it  won´t  break
           anything. Tested to be working with: gpg, gpg2.

       •   $SECRETS_EXTENSION  -  sets the secret files extension, defaults to .secret. It can be changed to any
           valid file extension.