AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0

git-crypt unlock doesn't recognize my GPG key #207

Closed itsanjay closed 3 years ago

itsanjay commented 4 years ago

My workflow:

  1. I generated a GPG key pair on my laptop and exported the private key.
  2. git-crypt init
  3. git-crypt add-gpg-user
  4. I created and committed a .gitattributes file.
  5. I created and committed a test file that matched the .gitattributes file.
  6. git-crypt unlock

The result:

Error: no GPG secret key available to unlock this repository. To unlock with a shared symmetric key instead, specify the path to the symmetric key as an argument to 'git-crypt unlock'.

My Requirement:-

We have different tfvars files in our GitHub repository. Below is the location of the tfvars files inside my git repo:

terraform/environment/testing.tfvars
terraform/environment/release.tfvars

Our .gitattributes file is as below:

terraform/environments/*.tfvars filter=git-crypt diff=git-crypt

We are able to decrypt with git-crypt unlock with a single default key and are able to open all tfvars files.

Our requirement:-

We want multiple keys functionality to be added for every GPG user. Example: the testing user should be able to decrypt (unlock) only the testing.tfvars file.
Similarly, the release user should be able to decrypt (unlock) only the release.tfvars file.

alerque commented 4 years ago

This is really two questions.

The first is about initial setup, and I'm wondering if your problem isn't that you double encrypted the file. Normally you would add & commit a secrets file while the repository was in an unlocked state. Your steps list indicates you added a file while the repository was locked, which probably means either the file is not encrypted and you are trying to decrypt it or possibly that it has been encrypted twice.

I suggest messing with a test repo and changing the order you do that to commit the secrets file after you have an unlocked repo, then lock it and see what the file looks like.

Your second question is about access control using different keys. That is documented here: https://github.com/AGWA/git-crypt/blob/master/doc/multiple_keys.md (see also issues #158 and #197).
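
A way to check both points raised in this reply, added here as an example that is not part of the thread or of git-crypt itself: it confirms that each secrets file resolves to the expected git-crypt-KEYNAME filter and that the blob committed at HEAD is actual ciphertext. The key names testing and release, the function names, and the use of git-crypt's "\0GITCRYPT\0" file marker are assumptions of this example.

```shell
#!/bin/sh
# Assumed setup (key names "testing" and "release" are illustrative):
#   git-crypt init -k testing && git-crypt init -k release
#   git-crypt add-gpg-user -k testing <TESTING_USER_GPG_ID>
#   .gitattributes:
#     terraform/environment/testing.tfvars filter=git-crypt-testing diff=git-crypt-testing
#     terraform/environment/release.tfvars filter=git-crypt-release diff=git-crypt-release

# Hex of the 10-byte marker "\0GITCRYPT\0" that starts every git-crypt ciphertext.
GITCRYPT_MAGIC=00474954435259505400

# Succeed if the data on stdin begins with the git-crypt marker.
is_gitcrypt_stream() {
    [ "$(head -c 10 | od -An -tx1 | tr -d ' \n')" = "$GITCRYPT_MAGIC" ]
}

# Map a filter attribute value to the git-crypt key it selects.
key_for_filter() {
    case "$1" in
        git-crypt)   echo default ;;
        git-crypt-*) echo "${1#git-crypt-}" ;;
        *)           echo none ;;
    esac
}

# audit_path PATH EXPECTED_KEY
# Run inside the repository. Checks the attribute git resolves for PATH and the
# blob committed at HEAD (the working copy is plaintext while unlocked).
audit_path() {
    filter=$(git check-attr filter -- "$1" | sed 's/.*: filter: //')
    key=$(key_for_filter "$filter")
    if [ "$key" != "$2" ]; then
        echo "FAIL $1: filter '$filter' selects key '$key', expected '$2'"
        return 1
    fi
    if ! git cat-file blob "HEAD:$1" 2>/dev/null | is_gitcrypt_stream; then
        echo "FAIL $1: blob at HEAD is missing or not git-crypt ciphertext"
        return 1
    fi
    echo "OK   $1: ciphertext under key '$key'"
}

# Example calls:
#   audit_path terraform/environment/testing.tfvars testing
#   audit_path terraform/environment/release.tfvars release
```

A FAIL on the first check means the .gitattributes pattern does not cover the path or names a different key; a FAIL on the second means the file was committed without passing through the git-crypt filter.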

itsanjay commented 4 years ago

  1. First have created separate keys for environment specific [Example:- testing & release]
  2. Generate an alternative key named KEYNAME. [Example:- testing & release] instead of default location.
  3. To encrypt a file with an alternative key, use the git-crypt-KEYNAME [Example:- testing & release] filter in .gitattributes as follows:

itsanjay commented 4 years ago

gitcrypt_Issue_207.docx

itsanjay commented 4 years ago

Hi,

Would appreciate it if you could suggest further how we can use multiple key functionality using git-crypt.

itsanjay commented 4 years ago

Hi alerque,

Would appreciate it if you could suggest further how we can use multiple key functionality using git-crypt.

itsanjay commented 3 years ago

Thanks for not replying to my query.