
Git-Crypt: A tool to Secure your Secrets.

5 years ago medium.com

Summary: This is a summary of an article originally published by the source.

It is well known that sensitive information should not be stored in a repository. When dealing with containers, Kubernetes, cloud, and secrets, we must not commit sensitive information such as access keys, passwords, and SSH private keys to the repository, even if the repository is private. The basic workflow for a GPG-based tool is:

1. Initialize the repository with the encryption tool
2. Create GPG keys for users that are allowed to manage secret files
3. Add the corresponding public keys to the tool
4. Designate the files that should be treated as "secret"
5. Encrypt the files using the tool
6. Repeat steps 2, 3, and 5 for each new user that is granted permission
7. To revoke a user, remove the user and repeat step 5

Coming back to what git-crypt is: git-crypt is a tool that enables transparent encryption and decryption of files in a git repository. Files that you choose to protect are encrypted when committed and decrypted when checked out. Git-crypt allows you to share a repository that contains a mix of public and private content. Git-crypt degrades gracefully, so developers can still clone and commit to a repository with encrypted files without the secret key.

To get around such an issue, make sure that the repo is not in a "locked state" when adding a new file that matches a pattern in the .gitattributes file for files that are encrypted with git-crypt.
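One way to check, before committing, that files matching a git-crypt pattern in .gitattributes were actually encrypted when staged. This is an added example, not code from the original article or from the git-crypt project; the function names are hypothetical, and it relies on git-crypt ciphertext starting with the 10 bytes `\0GITCRYPT\0`.

```sh
#!/bin/sh
# Added example: report staged files that .gitattributes routes through
# git-crypt (filter=git-crypt) but whose staged blob is still plaintext.

# Hex of the 10-byte header that begins every git-crypt ciphertext: \0GITCRYPT\0
GITCRYPT_MAGIC_HEX="00474954435259505400"

# Return 0 if the data on stdin starts with the git-crypt header.
# Data shorter than the header (including an empty blob) returns 1.
has_gitcrypt_header() {
    [ "$(od -An -tx1 -N10 | tr -d ' \n')" = "$GITCRYPT_MAGIC_HEX" ]
}

# Print "PLAINTEXT: <path>" for each added/copied/modified staged path that
# carries filter=git-crypt but has no git-crypt header in the index.
# Returns 1 if any such path was found, 0 otherwise.
# Limitation: paths containing newlines are not handled.
find_unencrypted_staged() {
    gc_status=0
    gc_list=$(git -c core.quotePath=false diff --cached --name-only --diff-filter=ACM)
    while IFS= read -r gc_path; do
        [ -n "$gc_path" ] || continue
        # check-attr prints "<path>: filter: <value>"; keep only the value.
        gc_filter=$(git check-attr filter -- "$gc_path" | sed 's/.*: filter: //')
        [ "$gc_filter" = "git-crypt" ] || continue
        # ":<path>" names the blob as staged in the index, not the working copy.
        if ! git cat-file blob ":$gc_path" | has_gitcrypt_header; then
            printf 'PLAINTEXT: %s\n' "$gc_path"
            gc_status=1
        fi
    done <<EOF
$gc_list
EOF
    return "$gc_status"
}
```

Calling `find_unencrypted_staged` from a pre-commit hook and aborting on a non-zero return stops the commit before a plaintext secret enters history.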
