Secure git repository with git-crypt

date: Sun Feb 10 2019

A really short one ;-)
I was using a gpg encrypt setup with one of my projects to protect API keys and secrets. The setup worked, but required manual work which I tended to forget. So I tried to find a lightweight alternative, and found git-crypt, which solved the issue pretty easily. There is no use explaining how to install it since it’s all on the above link. If you need some encryption for your git projects, I suggest you take a look at git-crypt. Note that in order to make git-crypt work I had to symlink gpg to gpg2; it’s apparently using gpg.

For future reference:

  • git-crypt init: initialize git-crypt in a git repository
  • .gitattributes: a .gitignore-like file that defines which files to encrypt. In my .gitattributes, anything with key or secure in the filename is pushed encrypted:
      *.key.*    filter=git-crypt diff=git-crypt
      *.secure.* filter=git-crypt diff=git-crypt
  • git-crypt add-gpg-user <user-email>: enable an extra user to decrypt your uploaded files. Make sure you already have the user's public key in your gnupg keyring.
  • and to list all keys used for git-crypt:
      # strip the .gpg suffix from each key file and look the key up in the keyring
      for key in .git-crypt/keys/default/0/*; do
        gpg -k "$(basename "$key" .gpg)"
      done
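
An added example (not from the original post): a check of which filenames the two .gitattributes patterns above actually cover, using git's own attribute matching in a throwaway repository. The function name `git_crypt_coverage` and the sample paths are constructed for illustration; note that a name like `server.key` has nothing after `.key`, so it does not match `*.key.*`.

```shell
#!/bin/sh
# The two patterns from the post's .gitattributes.
ATTRS='*.key.*    filter=git-crypt diff=git-crypt
*.secure.* filter=git-crypt diff=git-crypt'

# git_crypt_coverage PATH...
# For each path, print "encrypted <path>" if git would run the git-crypt
# filter on it, or "PLAINTEXT <path>" if it would be committed as-is.
# Matching is done by `git check-attr`, so the result is exactly what git
# itself decides; the paths do not need to exist on disk.
git_crypt_coverage() {
  tmp=$(mktemp -d) || return 1
  git init -q "$tmp" || return 1
  printf '%s\n' "$ATTRS" > "$tmp/.gitattributes"
  for p in "$@"; do
    # check-attr prints "<path>: filter: <value>"; keep only the value
    filter=$(git -C "$tmp" check-attr filter -- "$p" | sed 's/.*: filter: //')
    if [ "$filter" = "git-crypt" ]; then
      echo "encrypted $p"
    else
      echo "PLAINTEXT $p"
    fi
  done
  rm -rf "$tmp"
}

# Constructed sample filenames: two that match, two that do not.
git_crypt_coverage api.key.json config/db.secure.yml server.key README.md
```

In a real repository, `git ls-files | git check-attr --stdin filter` gives the same answer for every tracked file, and `git-crypt status` reports which files are encrypted.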