This is another note of the kind: “I don’t want to google for it next time I need it in a few years.”
Sometimes we need to store sensitive data in our git repository, and it definitely should not be stored in plaintext. This is where git-crypt becomes very useful. It lets you encrypt files in the repository with the help of GPG keys. Setup is pretty simple.
First make sure that you have the latest version of gpg installed:
Create a new key:
Options to define:
- RSA and RSA
- 4096 bit
- whatever expiry you want. Normal practice is 1 year.
Git repository part
Inside your git repository run the following:
git-crypt add-gpg-user USER_ID
Specify the files to encrypt by creating a .gitattributes file:
secret.txt filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
You’ll need to git add and git commit the newly created files:
git add .gitattributes
git add .git-crypt
git commit .git-crypt .gitattributes -m "Added git crypt"
That is it. The files will show up encrypted in your git repository.
After cloning a repository with encrypted files, unlock with GPG:
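The repository steps above, as an added example (not code from the original note or from git-crypt itself), together with the check a practitioner actually wants: that the blob git stores for a protected path is ciphertext, not just the working-tree copy. It includes the `git-crypt init` that must run before `add-gpg-user`, and the `git-crypt unlock` that the cloning step relies on. It assumes git, gpg and git-crypt are on PATH; `USER_ID` is a placeholder for a key in your gpg keyring.

```shell
#!/bin/sh
# Added example, not code from the original note or from git-crypt itself.
# Bootstraps git-crypt in a repository and then checks that what git actually
# stores for a protected path is ciphertext, which is what matters once the
# repository is pushed. Assumes git, gpg and git-crypt are on PATH and that
# USER_ID (a hypothetical placeholder) names a key in your gpg keyring.
set -eu

# git-crypt marks every encrypted blob with the 10-byte magic "\0GITCRYPT\0";
# this is that header as lowercase hex with no separators.
GITCRYPT_MAGIC_HEX=00474954435259505400

# First 10 bytes of FILE as bare lowercase hex.
first10_hex() {
    head -c 10 "$1" | od -An -tx1 | tr -d ' \n'
}

# Exit status 0 if FILE starts with the git-crypt header, 1 otherwise.
is_git_crypt_blob() {
    [ "$(first10_hex "$1")" = "$GITCRYPT_MAGIC_HEX" ]
}

# Test the blob git stores at HEAD for PATH in REPO (what a fresh clone sees),
# not the working-tree copy, which is plaintext as soon as the repo is unlocked.
committed_blob_encrypted() {
    repo=$1; path=$2
    tmp=$(mktemp)
    git -C "$repo" show "HEAD:$path" > "$tmp"
    if is_git_crypt_blob "$tmp"; then
        rm -f "$tmp"; return 0
    fi
    rm -f "$tmp"; return 1
}

# The note's repository steps, with the `git-crypt init` that has to precede
# add-gpg-user. Run from inside an existing git repository.
setup_git_crypt() {
    user_id=$1
    git-crypt init
    git-crypt add-gpg-user "$user_id"
    printf '%s\n' 'secret.txt filter=git-crypt diff=git-crypt' \
                  '*.key filter=git-crypt diff=git-crypt' > .gitattributes
    git add .gitattributes .git-crypt
    git commit -m "Added git crypt"
}

# Demo, only when explicitly requested and the tools are present:
#   sh this_script.sh --demo USER_ID
if [ "${1:-}" = "--demo" ] && command -v git-crypt >/dev/null 2>&1; then
    work=$(mktemp -d)
    cd "$work" && git init -q .
    setup_git_crypt "${2:?USER_ID required}"
    printf 'hunter2\n' > secret.txt            # constructed sample secret
    git add secret.txt && git commit -q -m "Add secret"
    committed_blob_encrypted . secret.txt && echo "secret.txt is encrypted at HEAD"
    git-crypt lock                              # working tree back to ciphertext
    git-crypt unlock                            # decrypt again with your GPG key
fi
```

Checking `git show HEAD:secret.txt` rather than the file on disk is the point: after `git-crypt unlock` the working tree is plaintext by design, so only the stored blob tells you whether the filter was applied (a path added before the `.gitattributes` rule existed stays plaintext in history).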
Adding a new key to the repository
For example, you need to add one more contributor to your repository.
The new contributor has to share their GPG key by exporting it:
gpg --armor --export USER_ID > USER_ID.gpg
You’ll need to import it, trust it (the trust command inside gpg --edit-key) and add the user:
gpg --import USER_ID.gpg
gpg --edit-key D2B3EAAF9A8D5DB93CC30B26CCA243599CC80727B
git-crypt add-gpg-user D2B3EAAF9A8D5DB93CC30B26CCA243599CC80727B
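The onboarding steps above, as an added example that is not part of the original note: before trusting and adding the imported key, compare its fingerprint with one the contributor gave you out of band, and set the trust non-interactively instead of through the `gpg --edit-key` menu. It assumes gpg (2.1.23 or newer, for `--show-keys`) and git-crypt are on PATH; `USER_ID.gpg` and the expected fingerprint are placeholders, and the colon-format sample in the comments is constructed.

```shell
#!/bin/sh
# Added example, not code from the original note or from git-crypt/gpg.
# Import a contributor's exported public key only after its fingerprint
# matches one received out of band, mark it trusted, and add it to git-crypt.
# Assumes gpg >= 2.1.23 (for --show-keys) and git-crypt on PATH.
set -eu

# gpg's machine-readable output (--with-colons) has one record per line;
# fingerprint records look like   fpr:::::::::<40 hex chars>:
# and field 10 carries the fingerprint (primary key and each subkey).
fprs_from_colons() {
    awk -F: '$1 == "fpr" { print $10 }'
}

# Exit status 0 if EXPECTED (spaces and case ignored) is among the
# fingerprints in the colon output read from stdin, 1 otherwise.
fingerprint_listed() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    fprs_from_colons | tr 'a-f' 'A-F' | grep -qxF "$expected"
}

# Inspect the exported file without importing it, compare, then import,
# trust and add. KEYFILE is the contributor's export; EXPECTED is the
# fingerprint you obtained from them directly, not from the file.
add_contributor() {
    keyfile=$1
    expected=$(printf '%s' "$2" | tr -d ' ')
    if ! gpg --with-colons --show-keys "$keyfile" | fingerprint_listed "$expected"; then
        echo "fingerprint of $keyfile does not match $expected; refusing to trust it" >&2
        return 1
    fi
    gpg --import "$keyfile"
    # Non-interactive form of the `trust` command in gpg --edit-key:
    # ownertrust level 6 is "ultimate" (5 would be "full").
    printf '%s:6:\n' "$expected" | gpg --import-ownertrust
    git-crypt add-gpg-user "$expected"
}

# Usage (placeholders):  sh this_script.sh USER_ID.gpg 'D2B3 EAAF ... 0727'
if [ $# -eq 2 ] && command -v git-crypt >/dev/null 2>&1; then
    add_contributor "$1" "$2"
fi
```

Passing the fingerprint rather than a name or e-mail to `git-crypt add-gpg-user` also avoids picking the wrong key when the keyring holds several matching the same user ID.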