Closed sylr closed 4 years ago
Any new updates? Or could you explain how can I use git crypt with CI in secure way? My CI doesn't support safely passing binary data to the pipeline
Hi! Thanks for the suggestion for git-crypt. I see how ASCII-armoring could be useful in some cases, but I'm not keen on encouraging its use because it makes it easier to mishandle keys, and it adds complexity to git-crypt.
Fortunately, you can use good old UNIX pipelines along with another tool like base64
if you need to ASCII-armor your keys.
To export a base64 key to armored_key
:
$ git-crypt export-key -- - | base64 > armored_key
(The --
argument is because of a bug; as of 7c129cdd3830a55a8611eecf82af08cd3301f7f2 it is no longer necessary)
To unlock using a base64 key stored in armored_key
:
$ base64 -d < armored_key | git-crypt unlock -
Could it be possible to export and use ASCII armored symetric keys (base64 encoded) ?