
Git-Crypt

We use git-crypt to ensure that application secrets are encrypted at rest in git.

Prerequisites

  1. Install GPG
  2. Install git-crypt
  3. Generate a key pair, if you don’t have one already. The GitHub documentation is a good reference.
  4. Push your public key to a key server: gpg --send-keys PUBKEYID
  5. Add the public key to your GitHub account, again following the documentation

Setup

otherwise,

  • Share your PUBKEYID with an existing member of your team. They will need to trust your key and add you to the repository (see git-crypt documentation above).

Usage

Once the above has been set up, update your local repository clone and unlock the secrets:

$ git pull
$ git-crypt unlock

From this point on, git-crypt operates transparently.

You can verify the status of files by using git-crypt status.
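
As a complement to git-crypt status, the following added example (not part of the original page or of git-crypt itself) checks that the version of a secret stored in git is ciphertext, using only git. It assumes git-crypt ciphertext begins with the 10-byte header \0GITCRYPT\0; the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Checks that the version of a
# file stored in git is git-crypt ciphertext, without needing the key.
# Assumption: git-crypt ciphertext starts with the 10 bytes \0GITCRYPT\0.
# Function names and sample paths are hypothetical.

GITCRYPT_MAGIC_HEX=00474954435259505400   # \0 G I T C R Y P T \0

# Reads a blob on stdin; succeeds only if it starts with the header.
is_gitcrypt_blob() {
    header=$(head -c 10 | od -An -tx1 | tr -d ' \n')
    [ "$header" = "$GITCRYPT_MAGIC_HEX" ]
}

# For each path, inspect the blob committed at HEAD. git cat-file does not
# run the smudge filter, so this sees exactly what is stored and pushed.
# Prints each failing path and returns 1 if any is found. A path that is
# missing from HEAD is reported too, since it yields no header.
check_committed() {
    rc=0
    for path in "$@"; do
        if ! git cat-file blob "HEAD:$path" 2>/dev/null | is_gitcrypt_blob; then
            echo "NOT ENCRYPTED in HEAD: $path" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check-secrets.sh config/secrets.yml deploy/credentials.env
if [ "$#" -gt 0 ]; then
    check_committed "$@"
fi
```

Because the check reads the committed blob rather than the working copy, it gives the same answer whether or not the repository is unlocked, which makes it usable in CI where no key is present.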

This page was last reviewed on 19 May 2021. It needs to be reviewed again on 19 August 2021.
This page was set to be reviewed before 19 August 2021. This might mean the content is out of date.