git-crypt
TLDR
Initialize git-crypt in repo
$ git-crypt init
Add GPG user
$ git-crypt add-gpg-user [user@example.com]
Unlock repository
$ git-crypt unlock
Lock repository
$ git-crypt lock
Export symmetric key
$ git-crypt export-key [/path/to/key]
Unlock with key file
$ git-crypt unlock [/path/to/key]
SYNOPSIS
git-crypt command [options]
DESCRIPTION
git-crypt enables transparent encryption of files in a Git repository. Configured files are encrypted when committed and decrypted when checked out, allowing sensitive data to be stored securely.
Encryption is configured via .gitattributes patterns. Users who hold the symmetric key or an authorized GPG key can unlock the repository.
PARAMETERS
init
Initialize git-crypt in repository.
add-gpg-user user
Add GPG user who can unlock.
unlock [keyfile]
Decrypt encrypted files.
lock
Re-encrypt files.
export-key file
Export symmetric key.
status [-e|-u]
Show encryption status of files.
CONFIGURATION
# .gitattributes
secrets/** filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
.env filter=git-crypt diff=git-crypt
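A pattern in .gitattributes only takes effect for files staged after the rule exists, so a file added earlier can sit in the index as plaintext. The following check is an added example, not part of git-crypt or of this page: it asks git which tracked paths resolve to filter=git-crypt and confirms that each staged blob starts with the header git-crypt writes on encrypted content. The script name audit.sh and the function names are hypothetical, and the header value is taken from git-crypt's file format rather than from this page.

```shell
#!/bin/sh
# Added example (not part of git-crypt): find files that .gitattributes routes
# through git-crypt but whose staged blob is still plaintext.

# Hex of the 10-byte header git-crypt writes at the start of every encrypted
# blob: \0 G I T C R Y P T \0
GITCRYPT_MAGIC=00474954435259505400

# stdin: `git check-attr filter` output lines, "<path>: filter: <value>".
# stdout: the paths whose resolved filter is git-crypt.
gitcrypt_paths() {
    sed -n 's/: filter: git-crypt$//p'
}

# Succeeds only if stdin starts with the git-crypt header.
is_gitcrypt_blob() {
    [ "$(head -c 10 | od -An -tx1 | tr -d ' \n')" = "$GITCRYPT_MAGIC" ]
}

# Prints every tracked path that should be encrypted but is not; returns 1 if
# any is found. Paths git quotes (unusual characters) are not handled here.
audit_index() {
    leaks=$(git ls-files | git check-attr --stdin filter | gitcrypt_paths |
        while IFS= read -r path; do
            # An empty blob holds nothing to leak, so skip it.
            [ "$(git cat-file -s ":$path")" -gt 0 ] || continue
            git cat-file blob ":$path" | is_gitcrypt_blob || printf '%s\n' "$path"
        done)
    [ -z "$leaks" ] || { printf '%s\n' "$leaks"; return 1; }
}

# Run as `sh audit.sh --audit` inside a repository, e.g. from a pre-commit hook.
case "${1:-}" in --audit) audit_index ;; esac
```

Because the index stores the filtered content, the check gives the same result whether the working tree is locked or unlocked.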
CAVEATS
Encrypted files appear as binary. File names are not encrypted. Requires GPG for multi-user access. History contains encrypted versions. Not for large files (use git-lfs).
HISTORY
git-crypt was created by Andrew Ayer to solve the problem of storing secrets in git repositories. It provides simpler setup than alternative approaches like git-secret.
SEE ALSO
git(1), gpg(1), git-secret(1)


