Zsh Mailing List Archive
Re: git-secret - zsh-plugin to store your private data inside a git repository
- X-seq: zsh-users 21380
- From: Никита Соболев <n.a.sobolev@xxxxxxxxx>
- To: zsh-users@xxxxxxx, lists@xxxxxxxxx
- Subject: Re: git-secret - zsh-plugin to store your private data inside a git repository
- Date: Sun, 13 Mar 2016 22:39:48 +0300
- In-reply-to: <CAO_bL1wpaxQ4+A9ScUSHFRPMCN0toD7z2hFe+mmrqqxyZ1J-3g@mail.gmail.com>
- List-help: <mailto:zsh-users-help@zsh.org>
- List-id: Zsh Users List <zsh-users.zsh.org>
- List-post: <mailto:zsh-users@zsh.org>
- Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
- References: <CAO_bL1wpaxQ4+A9ScUSHFRPMCN0toD7z2hFe+mmrqqxyZ1J-3g@mail.gmail.com>
I had a hard time figuring out how to send a reply to the mailing
list. So, I hope I will post it to the same thread.

René, thanks for your interest. It is not quite the same as the tools
you have listed. It's more like blackbox
(https://github.com/StackExchange/blackbox). You can even find it in
the 'Alternatives' section.

There are several advantages in usability, while following the same
encryption algorithm.

In other words, git-secret does not store passwords or anything, but
it helps to organize and control any sensitive data inside a git-repo
to be accessible by the whole dev-team.

2016-03-13 18:48 GMT+03:00 Никита Соболев <n.a.sobolev@xxxxxxxxx>:
> There’s a known problem in server configuration and deploying, when
> you have to store your private data such as: database passwords,
> application secret-keys, OAuth secret keys and so on, outside of the
> git repository. Even if this repository is private, it is a security
> risk to just publish them into the world wide web. What are the
> drawbacks of storing them separately?
>
> These files are not version controlled. Filenames change, locations
> change, passwords change from time to time, some new information
> appears, other is removed. And you can not tell for sure which version
> of the configuration file was used with each commit.
>
> When building the automated deployment system there will be one extra
> step: download and place these secret-configuration files where they
> need to be. So you have to maintain an extra secure server, where
> everything is stored.
>
> How does git-secret solve these problems?
>
> git-secret encrypts files and stores them inside the git repository,
> so you will have all the changes for every commit.
>
> git-secret doesn’t require any other deploy operations rather than git
> secret reveal, so it will automatically decrypt all the required
> files.
>
> What is git-secret?
>
> git-secret is a bash tool to store your private data inside a git
> repo. How’s that? Basically, it just encrypts, using gpg, the tracked
> files with the public keys of all the users that you trust. So
> every one of them can decrypt these files using only their personal
> secret key. Why deal with all this private-public keys stuff? Well, to
> make it easier for everyone to manage access rights. There are no
> passwords that change. When someone is out - just delete his public
> key, reencrypt the files, and he won’t be able to decrypt secrets
> anymore.
>
> Find out more: https://sobolevn.github.io/git-secret/
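
The scheme the quoted announcement describes (one file encrypted to several public keys, then re-encrypted after a key is removed), as an added example that is not part of the original message and uses plain gpg rather than git-secret's own code. It assumes GnuPG 2.2 or later; the users alice and bob, their example.test addresses, the secret value and the v1/v2 file names are constructed, with v1 standing in for a ciphertext left in an earlier commit.

```shell
# Constructed demo: throwaway keys in temporary GnuPG homes; ~/.gnupg is untouched.
# g <homedir> <gpg args>...: run gpg non-interactively against one keyring
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --no-tty \
        --pinentry-mode loopback --passphrase '' "$@"; }

demo() {
  d=$(mktemp -d) || return 1
  for u in alice bob team; do mkdir -m 700 "$d/$u"; done
  # Each user holds a personal secret key; the team keyring gets public keys only.
  for u in alice bob; do
    g "$d/$u" --quick-generate-key "$u@example.test" default default never 2>/dev/null
    g "$d/$u" --export "$u@example.test" | g "$d/team" --import 2>/dev/null
  done
  printf 'DB_PASSWORD=constructed-value\n' > "$d/secrets.env"
  # enc <outfile> <-r recipient>...: encrypt the file to every listed public key
  enc() { o=$1; shift
          g "$d/team" --yes --trust-model always "$@" -o "$o" -e "$d/secrets.env"; }
  # can <user> <file>: does this user's secret key decrypt the file?
  can() { g "$d/$1" -d "$2" >/dev/null 2>&1 && echo yes || echo no; }

  enc "$d/v1.gpg" -r alice@example.test -r bob@example.test  # bob still trusted
  enc "$d/v2.gpg" -r alice@example.test                      # bob removed, re-encrypted
  echo "alice-new=$(can alice "$d/v2.gpg") bob-new=$(can bob "$d/v2.gpg")" \
       "bob-old=$(can bob "$d/v1.gpg")"
  # Stop the per-homedir daemons gpg started, then remove the scratch directory.
  for u in alice bob team; do gpgconf --homedir "$d/$u" --kill all 2>/dev/null || true; done
  rm -rf "$d"
}
```

Calling `demo` prints one line with the three results. `bob-old=yes` is the reason to rotate the secret values themselves after removing a key, since earlier commits still hold ciphertext the removed key can read.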