Zsh Mailing List Archive
Messages sorted by:
git-secret - zsh-plugin to store your private data inside a git repository
- X-seq: zsh-users 21378
- From: Никита Соболев <n.a.sobolev@xxxxxxxxx>
- To: zsh-users@xxxxxxx
- Subject: git-secret - zsh-plugin to store your private data inside a git repository
- Date: Sun, 13 Mar 2016 18:48:43 +0300
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to :content-transfer-encoding; bh=FIIrMFdYMZkf0OcMnBHCdue92HjNZNOAEmqMvVJXx7o=; b=Amx6fkn5tog8dVmrbZJ0khRyV/18El8qqa7NyLEqazaqE31Y9n//xmWfa4WZ/oLoQp Rp+ZKB/ddeW/Tc2IKhU/vihwOTkMzGxWU8bffudr6AdsRFdsgNTAg9hXD0CPTjMJtLOx A5A/LPTD+o36/Ch5spJ/ZhUQdxDJ5ZbwM8mHPze5mTIADm5aa73aCyiCUzhXjyEhTlrZ XkHGSozcKfbWzSMcl9PwyTm9NttsJ6fK+KoS6gZ9iJ8SOcechsATjiTTL7KbyMBaA7T6 G2CUYI6brmAGlTu6AfTxHrMLNHpu7lveEb/pwh/LlgceL58f5duGBBirPjQgmThSCET9 ibkg==
- List-help: <mailto:firstname.lastname@example.org>
- List-id: Zsh Users List <zsh-users.zsh.org>
- List-post: <mailto:email@example.com>
- Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
There’s a known problem in server configuration and deploying, when
you have to store your private data such as: database passwords,
application secret-keys, OAuth secret keys and so on, outside of the
git repository. Even if this repository is private, it is a security
risk to just publish them into the world wide web. What are the
drawbacks of storing them separately?
These files are not version controlled. Filenames change, locations
change, passwords change from time to time, some new information
appears, other is removed. And you can not tell for sure which version
of the configuration file was used with each commit.
When building the automated deployment system there will be one extra
step: download and place these secret-configuration files where they
need to be. So you have to maintain an extra secure server, where
everything is stored.
How does git-secret solve these problems?
git-secret encrypts files and stores them inside the git repository,
so you will have all the changes for every commit.
git-secret doesn’t require any other deploy operations rather than git
secret reveal, so it will automatically decrypt all the required
What is git-secret?
git-secret is a bash tool to store your private data inside a git
repo. How’s that? Basically, it just encrypts, using gpg, the tracked
files with the public keys of all the users that you trust. So
everyone of them can decrypt these files using only their personal
secret key. Why deal with all this private-public keys stuff? Well, to
make it easier for everyone to manage access rights. There are no
passwords that change. When someone is out - just delete his public
key, reencrypt the files, and he won’t be able to decrypt secrets
Find out more: https://sobolevn.github.io/git-secret/
Messages sorted by: