git-crypt to ensure that application secrets are encrypted at rest in git.
- Install GPG
- Install git-crypt
- Generate a key pair, if you don’t have one already. The GitHub documentation is a good reference.
- Push your public key to a key server:
    gpg --send-keys PUBKEYID
- Add the pubkey to your GitHub account, again, following the documentation
- If the repository has not been set up before, please follow the git-crypt documentation to do so.
- Share your PUBKEYID with an existing member of your team. They will need to trust your key and add you to the repository (see git-crypt documentation above).
Once the above has been set up, update your local repository clone and unlock the secrets:
$ git pull
$ git-crypt unlock
From this point on, git-crypt operates transparently.
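Transparency can fail silently: in a clone where the git-crypt filter was never configured, a file matched by a filter=git-crypt rule is staged as plaintext. The following check for that case is an added example, not part of the original page or of git-crypt itself. It relies on git-crypt's file format, in which every encrypted blob begins with the 10 bytes \0GITCRYPT\0; the function names are hypothetical.

```shell
#!/bin/sh
# Hex encoding of the header git-crypt writes at the start of every
# encrypted blob: NUL, "GITCRYPT", NUL.
GITCRYPT_MAGIC=00474954435259505400

# Succeeds if the data on stdin starts with the git-crypt header.
is_gitcrypt_blob() {
    [ "$(od -An -tx1 -N 10 | tr -d ' \n')" = "$GITCRYPT_MAGIC" ]
}

# Prints every tracked path that .gitattributes assigns to the git-crypt
# filter but whose staged blob is NOT encrypted. Empty output means no
# plaintext secret is about to be committed. Run from inside the repository.
list_plaintext_secrets() {
    git -c core.quotepath=off ls-files | while IFS= read -r path; do
        # check-attr prints "<path>: filter: <value>"
        case "$(git check-attr filter -- "$path")" in
            *": filter: git-crypt") ;;
            *) continue ;;
        esac
        # ":<path>" names the blob in the index, i.e. what a commit stores,
        # not the (decrypted) working-tree file.
        # Assumption of this example: a zero-length blob has nothing to leak.
        [ "$(git cat-file -s ":$path")" -gt 0 ] || continue
        if ! git cat-file blob ":$path" | is_gitcrypt_blob; then
            printf '%s\n' "$path"
        fi
    done
}
```

Calling list_plaintext_secrets from a pre-commit hook or a CI job, and failing when it prints anything, catches secrets staged before the filter was configured or before the .gitattributes rule existed.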
You can verify the status of files by using