the usual
inconsistent at best
Featured Categories Tags RSS Archive About
Hugo Theme Diary by Rise
Ported from Makito's Journal.

© Scott Wiersdorf
Featured Categories Tags RSS Archive About
the usual
inconsistent at best
Use git-crypt to Store Secrets in Git
folder [system administration programming]   label git   security  

git-crypt (github) keeps your secrets safe in a git repository. It decrypts on checkout and encrypts at commit using standard git hooks. Once configured, it is completely transparent.

I had a situation where the secrets were already in the repo and I needed to encrypt them (if you’re in this situation, you should also change your secrets because git log -p).

To encrypt files (foo.conf, bar.conf) already in the repo:

$ git-crypt keygen /path/to/key
$ git-crypt init /path/to/key
$ cat > .gitattributes
*.conf filter=git-crypt diff=git-crypt

You may have to commit add/commit .gitattributes first. Then:

$ git add *.conf
$ git commit *.conf -m "encrypt conf files"

Last modified on 2014-07-15