Hello Readers!! We are back again with an exciting topic, i.e. how to use git-crypt for managing secrets in Git repositories. In my previous blog we saw what git-crypt is and how to install it. Basically, Git-Crypt is an open-source, transparent data encryption tool designed specifically for Git repositories. It allows us to encrypt and decrypt files within a Git repository seamlessly.
Let’s start with it!!
Prerequisites
Before we start using Git-Crypt, ensure that it’s installed on our system. We can typically install it on Ubuntu using the following command:
It's successfully installed, as we can see here:
Steps for managing secrets in Git Repositories using Git-Crypt:
- Create or Navigate to our Git Repository:
Begin by navigating to the Git repository that we want to secure using Git-Crypt or create a new one if needed. I am creating a new public repository for it:
And I have created a secret file in this repository.
- Initialize Git-Crypt:
Inside our repository’s root directory, initialize Git-Crypt using the following command:
$ git-crypt init
This command sets up the necessary configuration files for Git-Crypt in your repository.
- Specify Encrypted Files
Now that Git-Crypt is initialized, we need to specify which files should be encrypted.
Create a .gitattributes file. If our repository doesn’t already have a .gitattributes file, create one in the root directory. This file will define the patterns for files that need encryption.
In the .gitattributes file, specify the files that should be encrypted and decrypted. For example:
secret.txt filter=git-crypt diff=git-crypt
This line tells Git-Crypt to encrypt “secret.txt” whenever it’s committed to the repository.
- Generate GPG Keys
Generate your GPG Key:
If we haven’t already generated a GPG key for our email address, we can do so using the following command:
$ gpg --gen-key
- Export our Public Key
After generating your GPG key, you need to export your public key in ASCII format:
$ gpg --export --armor '<your_id>' > my_public_key.asc
This command exports your GPG public key to a file named ‘my_public_key.asc’ in ASCII format.
Then add this GPG user to git-crypt with the following command:
$ git-crypt add-gpg-user --trusted <your_id>
- Encrypting and Decrypting Files
With Git-Crypt set up, we can now encrypt and decrypt files as needed.
Encrypt Files:
To encrypt files, use the following command:
$ git-crypt lock
Git-Crypt will automatically encrypt the specified files using the GPG keys of authorized users.
Commit the changes to your Git repository. The encrypted files will be securely stored.
Decrypt Files:
Authorized users can decrypt files using their GPG keys with the following command:
$ git-crypt unlock
This command decrypts the files, making them readable.
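A check worth running after the commit step above, given here as an added example that is not part of the original post: it confirms that every tracked file matched by a `filter=git-crypt` pattern in .gitattributes is stored as ciphertext in HEAD, by looking for the `\0GITCRYPT\0` header that git-crypt writes at the start of encrypted files. The function names `is_gitcrypt_blob` and `audit_head` are illustrative, and file paths are assumed to contain no newlines.

```shell
#!/bin/sh
# Added example: audit that files marked filter=git-crypt are ciphertext in HEAD.
# Function names are illustrative; paths are assumed to contain no newlines.

# git-crypt output starts with the 10 bytes \0GITCRYPT\0 (written as hex here).
GITCRYPT_MAGIC=00474954435259505400

# Read a blob on stdin; succeed only if it starts with the git-crypt header.
is_gitcrypt_blob() {
    [ "$(head -c 10 | od -An -tx1 | tr -d ' \n')" = "$GITCRYPT_MAGIC" ]
}

# Print each tracked path whose filter attribute is git-crypt (or a named
# git-crypt key) but whose committed blob is plaintext. Returns 1 if any found.
audit_head() {
    found=0
    list=$(git -c core.quotePath=false ls-files) || return 2
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        attr=$(git check-attr filter -- "$path")
        case "${attr##*: }" in
            git-crypt*) ;;          # marked for encryption: inspect it
            *) continue ;;          # not covered by a git-crypt pattern
        esac
        # Skip files that are staged but not yet part of HEAD.
        git cat-file -e "HEAD:$path" 2>/dev/null || continue
        if ! git cat-file blob "HEAD:$path" | is_gitcrypt_blob; then
            echo "PLAINTEXT IN HEAD: $path"
            found=1
        fi
    done <<EOF
$list
EOF
    return $found
}

# Run the audit when invoked as: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_head; fi
```

Run it from the repository root before pushing. A reported path means the file was committed without passing through the git-crypt filter, for example because it was added before the .gitattributes pattern existed, and that plaintext stays in history even after the pattern is fixed.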
Conclusion
In this blog we have learnt how to use git-crypt for managing secrets in Git repositories. It's really very simple and efficient to use. If this blog helped you, do like this post and share it with those who need it. Thanks for being with me till the end.
Happy Learning!!