1GIT-CRYPT(1) git-crypt GIT-CRYPT(1)
2
6 git-crypt - transparent file encryption in Git
7
9 git-crypt [OPTIONS] COMMAND [ARGS...]
10
12 git-crypt init
13 git-crypt status
15 git-crypt lock
17
19 git-crypt add-gpg-user GPG_USER_ID
20 git-crypt unlock
22
24 git-crypt export-key OUTPUT_KEY_FILE
25 git-crypt unlock KEY_FILE
27
29 git-crypt enables transparent encryption and decryption of files in a
30 git repository. Files which you choose to protect are encrypted when
31 committed, and decrypted when checked out. git-crypt lets you freely
32 share a repository containing a mix of public and private content.
33 git-crypt gracefully degrades, so developers without the secret key can
34 still clone and commit to a repository with encrypted files. This lets
35 you store your secret material (such as keys or passwords) in the same
36 repository as your code, without requiring you to lock down your entire
37 repository.
38
40 git-crypt is logically divided into several sub-commands which perform
41 distinct tasks. Each sub-command, and its arguments, are documented
42 below. Note that arguments and options to sub-commands must be
43 specified on the command line after the name of the sub-command.
44 init [OPTIONS]
46 Generate a key and prepare the current Git repository to use
47 git-crypt.
48 The following options are understood:
50 -k KEY_NAME, --key-name KEY_NAME
52 Initialize the given key instead of the default key. git-crypt
53 supports multiple keys per repository, allowing you to share
54 different files with different sets of collaborators.
55 status [OPTIONS]
57 Display a list of files in the repository, with their status
58 (encrypted or unencrypted).
59 The following options are understood:
61 -e
63 Show only encrypted files.
64 -u
66 Show only unencrypted files.
67 -f, --fix
69 Encrypt files that should be encrypted but were committed to
70 the repository or added to the index without encryption. (This
71 can happen if a file is added before git-crypt is initialized
72 or before the file is added to the gitattributes file.)
73 add-gpg-user [OPTIONS] GPG_USER_ID...
75 Add the users with the given GPG user IDs as collaborators.
76 Specifically, git-crypt uses gpg(1) to encrypt the shared symmetric
77 key to the public keys of each GPG user ID, and stores the
78 GPG-encrypted keys in the .git-crypt directory at the root of the
79 repository.
80 GPG_USER_ID can be a key ID, a full fingerprint, an email address,
82 or anything else that uniquely identifies a public key to GPG (see
83 "HOW TO SPECIFY A USER ID" in the gpg(1) man page).
84 The following options are understood:
86 -k KEY_NAME, --key-name KEY_NAME
88 Grant access to the given key, rather than the default key.
89 -n, --no-commit
91 Don't automatically commit the changes to the .git-crypt
92 directory.
93 --trusted
95 Assume that the GPG keys specified on the command line are
96 trusted; i.e. they actually belong to the users that they claim
97 to belong to.
98 Without this option, git-crypt uses the same trust model as
100 GPG, which is based on the Web of Trust by default. Under this
101 model, git-crypt will reject GPG keys that do not have trusted
102 signatures.
103 If you don't want to use the Web of Trust, you can either
105 change GPG's trust model by setting the trust-model option in
106 ~/.gnupg/gpg.conf (see gpg(1)), or use the --trusted option to
107 add-gpg-user on a case-by-case basis.
108 unlock [KEY_FILE...]
110 Decrypt the repository. If one or more key files are specified on
111 the command line, git-crypt attempts to decrypt using those shared
112 symmetric keys. If no key files are specified, git-crypt attempts
113 to decrypt using a GPG-encrypted key stored in the repository's
114 .git-crypt directory.
115 This command takes no options.
117 export-key [OPTIONS] FILENAME
119 Export the repository's shared symmetric key to the given file.
120 The following options are understood:
122 -k KEY_NAME, --key-name KEY_NAME
124 Export the given key, rather than the default key.
125 help [COMMAND]
127 Display help for the given COMMAND, or an overview of all commands
128 if no command is specified.
129 version
131 Print the currently-installed version of git-crypt. The format of
132 the output is always "git-crypt", followed by a space, followed by
133 the dotted version number.
134
136 First, you prepare a repository to use git-crypt by running git-crypt
137 init.
138 Then, you specify the files to encrypt by creating a gitattributes(5)
140 file. Each file which you want to encrypt should be assigned the
141 "filter=git-crypt diff=git-crypt" attributes. For example:
142 secretfile filter=git-crypt diff=git-crypt
144 *.key filter=git-crypt diff=git-crypt
145 Like a .gitignore file, .gitattributes files can match wildcards and
147 should be checked into the repository. Make sure you don't accidentally
148 encrypt the .gitattributes file itself (or other git files like
149 .gitignore or .gitmodules). Make sure your .gitattributes rules are in
150 place before you add sensitive files, or those files won't be
151 encrypted!
152 To share the repository with others (or with yourself) using GPG, run:
154 git-crypt add-gpg-user GPG_USER_ID
156 GPG_USER_ID can be a key ID, a full fingerprint, an email address, or
158 anything else that uniquely identifies a public key to GPG. Note:
159 git-crypt add-gpg-user will add and commit a GPG-encrypted key file in
160 the .git-crypt directory of the root of your repository.
161 Alternatively, you can export a symmetric secret key, which you must
163 securely convey to collaborators (GPG is not required, and no files are
164 added to your repository):
165 git-crypt export-key /path/to/key
167 After cloning a repository with encrypted files, unlock with with GPG:
169 git-crypt unlock
171 Or with a symmetric key:
173 git-crypt unlock /path/to/key
175 That's all you need to do - after git-crypt is set up (either with
177 git-crypt init or git-crypt unlock), you can use git normally -
178 encryption and decryption happen transparently.
179
181 The .gitattributes file is documented in gitattributes(5). The file
182 pattern format is the same as the one used by .gitignore, as documented
183 in gitignore(5), with the exception that specifying merely a directory
184 (e.g. "/dir/") is not sufficient to encrypt all files beneath it.
185 Also note that the pattern "dir/*" does not match files under
187 sub-directories of dir/. To encrypt an entire sub-tree dir/, place the
188 following in dir/.gitattributes:
189 * filter=git-crypt diff=git-crypt
191 .gitattributes !filter !diff
192 The second pattern is essential for ensuring that .gitattributes itself
194 is not encrypted.
195
197 In addition to the implicit default key, git-crypt supports alternative
198 keys which can be used to encrypt specific files and can be shared with
199 specific GPG users. This is useful if you want to grant different
200 collaborators access to different sets of files.
201 To generate an alternative key named KEYNAME, pass the -k KEYNAME
203 option to git-crypt init as follows:
204 git-crypt init -k KEYNAME
206 To encrypt a file with an alternative key, use the git-crypt-KEYNAME
208 filter in .gitattributes as follows:
209 secretfile filter=git-crypt-KEYNAME diff=git-crypt-KEYNAME
211 To export an alternative key or share it with a GPG user, pass the -k
213 KEYNAME option to git-crypt export-key or git-crypt add-gpg-user as
214 follows:
215 git-crypt export-key -k KEYNAME /path/to/keyfile
217 git-crypt add-gpg-user -k KEYNAME GPG_USER_ID
218 To unlock a repository with an alternative key, use git-crypt unlock
220 normally. git-crypt will automatically determine which key is being
221 used.
222
224 git(1), gitattributes(5), git-crypt home page[1], GitHub repository[2]
225
227 Andrew Ayer <agwa@andrewayer.name>
228
230 1. git-crypt home page
231 https://www.agwa.name/projects/git-crypt
232 2. GitHub repository
234 https://github.com/AGWA/git-crypt
235git-crypt 0.6.0 2017-11-26 GIT-CRYPT(1)