AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0
8.32k stars 479 forks source link

Use armored symetric keys ? #134

Closed sylr closed 4 years ago

sylr commented 7 years ago

Could it be possible to export and use ASCII armored symetric keys (base64 encoded) ?

KostyaZgara commented 4 years ago

Any new updates? Or could you explain how can I use git crypt with CI in secure way? My CI doesn't support safely passing binary data to the pipeline

AGWA commented 4 years ago

Hi! Thanks for the suggestion for git-crypt. I see how ASCII-armoring could be useful in some cases, but I'm not keen on encouraging its use because it makes it easier to mishandle keys, and it adds complexity to git-crypt.

Fortunately, you can use good old UNIX pipelines along with another tool like base64 if you need to ASCII-armor your keys.

To export a base64 key to armored_key:

$ git-crypt export-key -- - | base64 > armored_key

(The -- argument is because of a bug; as of 7c129cdd3830a55a8611eecf82af08cd3301f7f2 it is no longer necessary)

To unlock using a base64 key stored in armored_key:

$ base64 -d < armored_key | git-crypt unlock -