1GIT-SECRET-HIDE(1)          git-secret 0.5.0-alpha2         GIT-SECRET-HIDE(1)
2
3
4

NAME

6       git-secret-hide - encrypts all added files with repo keyring.
7

SYNOPSIS

9       git secret hide [-c] [-F] [-P] [-v] [-d] [-m]
10

DESCRIPTION

12       git-secret-hide  -  writes  an  encrypted version of each file added by
13       git-secret-add command.
14
15       Then anyone enabled via git secret tell can decrypt these files.
16
17       Under the hood, git-secret uses the keyring of public keys  in  .gitse‐
18       cret/keys  to  encrypt  files,  encrypted versions are typically called
19       filename.txt.secret.
20
21       Later permitted users can use their secret key  (typically  from  their
22       home directory) to decrypt files.
23
24       It is recommended to encrypt (or re-encrypt) all the files in a git-se‐
25       cret repo each time git secret hide is run.
26       Otherwise the keyring (the one stored  in  .gitsecret/keys/*.gpg),  may
27       have  changed  since  the  last time the files were encrypted, and it´s
28       possible to create a state where the users in the output of git  secret
29       whoknows  may not be able to decrypt the some files in the repo, or may
30       be able decrypt files they´re not supposed to be able to.
31
32       In other words, unless you re-encrypt all the files in a repo each time
33       you  hide  any, it´s possible to make it so some files can no longer be
34       decrypted by users who should be (and would  appear)  able  to  decrypt
35       them, and vice-versa.
36
37       If you know what you are doing and wish to encrypt or re-encrypt only a
38       subset of the files even after reading the above  paragraphs,  you  can
39       use  the -F or -m options. The -F option forces git secret hide to skip
40       any hidden files where the unencrypted versions aren´t present. The  -m
41       option  skips any hidden files that have not be been modified since the
42       last time they were encrypted.
43

OPTIONS

45       -v  - verbose, shows extra information.
46       -c  - deletes encrypted files before creating new ones.
47       -F  - forces hide to continue if a file to encrypt is missing.
48       -P  - preserve permissions of unencrypted file in encrypted file.
49       -d  - deletes unencrypted files after encryption.
50       -m  - encrypt files only when modified.
51       -h  - shows help.
52

ENV VARIABLES

54SECRETS_GPG_COMMAND changes the default  gpg  command  to  anything
55           else
56
57SECRETS_GPG_ARMOR   is   a   boolean   to   enable   --armor   mode
58           https://www.gnupg.org/gph/en/manual/r1290.html to store secrets  in
59           text format over binary
60
61SECRETS_DIR  changes the default .gitsecret/ folder to another name
62           as documented at git-secret(7) https://git-secret.io/
63
64SECRETS_EXTENSION changes the default .secret file extension
65
66SECRETS_VERBOSE changes  the  output  verbosity  as  documented  at
67           git-secret(7) https://git-secret.io/
68
69SECRETS_PINENTRY     changes     the     gpg     --pinentry    mode
70           https://github.com/gpg/pinentry  as  documented  at   git-secret(7)
71           https://git-secret.io/
72
73
74

MANUAL

76       Run man git-secret-hide to see this document.
77

SEE ALSO

79       git-secret-init(1)    https://git-secret.io/git-secret-init,    git-se‐
80       cret-tell(1)  https://git-secret.io/git-secret-tell,  git-secret-add(1)
81       https://git-secret.io/git-secret-add,              git-secret-reveal(1)
82       https://git-secret.io/git-secret-reveal,              git-secret-cat(1)
83       https://git-secret.io/git-secret-cat
84
85
86
87sobolevn                          April 2022                GIT-SECRET-HIDE(1)
Impressum