- Notifications
You must be signed in to change notification settings - Fork201
👥 A bash-tool to store your private data inside a git repository.
License
sobolevn/git-secret
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
git-secret is a bash tool which stores private data inside a git repo.git-secret encrypts files with permitted users' public keys,allowing users you trust to access encrypted data using pgp and their secret keys.
Withgit-secret, changes to access rights are simplified, and private-public key issues are handled for you.
When someone's permission is revoked, secrets do not need to be changed withgit-secret -just remove their key from the repo's keyring usinggit secret removeperson their@email.com,re-encrypt the files, and they won't be able to decrypt secrets anymore.If you think the user might have copied the secrets or keys when they had access, thenyou should also change the secrets.
git-secretsupportsbrew, just type:brew install git-secret
It also supportsapt andyum. You can also usemake if you want to.See theinstallation section for the details.
git-secret relies on several external packages:
bashsince3.2.57(it is hard to tell the correctpatchrelease)gawksince4.0.2gitsince1.8.3.1gpgsincegnupg 1.4tognupg 2.Xsha256sumsince8.21(on freebsd and MacOSshasumis used instead)
Do you want to help the project? Find anissueand send a PR. It is more than welcomed! SeeCONTRIBUTING.md on how to do that.
In order to encrypt (git-secret hide -m) files only when modified, the pathmappings file tracks sha256sum checksums of the files added (git-secret add) togit-secret's path mappings filesystem database. Although, the chances ofencountering a sha collision are low, it is recommend that you pad files withrandom data for greater security. Or avoid using the-m option altogether.If your secret file holds more data than just a single password theseprecautions should not be necessary, but could be followed for greatersecurity.
If you found any security related issues, please do not disclose it in public. Send an email tomail@sobolevn.me
git-secret usessemver. SeeCHANGELOG.md.
Thanks to all the people and groups who packagegit-secret for easier install on particular OSes and distributions!
Here are some packagings ofgit-secret that we're aware of:
- https://formulae.brew.sh/formula/git-secret
- https://packages.ubuntu.com/bionic/git-secret
- https://src.fedoraproject.org/rpms/git-secret
- https://aur.archlinux.org/packages/git-secret/
- https://pkgs.alpinelinux.org/package/edge/testing/x86/git-secret
- https://packages.debian.org/sid/git-secret
- https://github.com/void-linux/void-packages/blob/master/srcpkgs/git-secret/template
Such packages are considered 'downstream' because the git-secret code 'flows' from thegit-secretrepositoryto the various rpm/deb/dpkg/etc packages that are created for specific OSes and distributions.
We have also added notes specifically for packagers inCONTRIBUTING.md.
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
Thanks to all our backers!
This project exists thanks to all the people who contribute. [Contribute].
MIT. SeeLICENSE.md for details.
Special thanks toElio Qoshi fromura for the awesome logo.
About
👥 A bash-tool to store your private data inside a git repository.
