A read-only GitHub user cannot disable encryption

AGWA / git-crypt

Transparent file encryption in git

https://www.agwa.name/projects/git-crypt/

GNU General Public License v3.0

8.11k stars 472 forks source link

A read-only GitHub user cannot disable encryption #198

Closed nodesocket closed 3 years ago

nodesocket commented 4 years ago

If a GitHub user only has read permissions .i.e. deploy key they cannot disable git-crypt on a repo right? I want to use multiple keys to limit access depending on the user.

For example:

git clone git@github.com:FooInc/AcmeProject.git
cd AcmeProject
git-crypt unlock  # decrypts only a select number of encrypted files based on their gpg user
rm -f .gitattributes
git add .
git commit -am "removed .gitattributes"

They don't have access to all decrypted files now do they?

AGWA commented 3 years ago

I don't know what "deploy key" means, but if a user can only read - not write - the repository, they can't mess with .gitattributes to disable encryption.