LinuxCommandLibrary

yadm-git-crypt

Manage encrypted secrets within Yadm repository

TLDR

Initialize the repository to use git-crypt:
$ yadm git-crypt init

Add a GPG user who can unlock the repository:
$ yadm git-crypt add-gpg-user [user_id]

After cloning a repository with encrypted files, unlock them:
$ yadm git-crypt unlock

Export the symmetric secret key to a file:
$ yadm git-crypt export-key [path/to/key_file]

SYNOPSIS

yadm git-crypt init
yadm git-crypt add <file>
yadm git-crypt unlock

PARAMETERS

init
    Initializes git-crypt for the repository. This creates a .gitattributes file and sets up the necessary encryption keys.

add <file>
    Adds a file to be encrypted by git-crypt. This modifies the .gitattributes file to include the specified file. Remember to commit the changes to the .gitattributes file.

unlock
    Unlocks the git-crypt repository, decrypting the encrypted files. Requires a valid git-crypt key. Prompts for the password for the key.

DESCRIPTION

yadm-git-crypt is an extension for yadm (Yet Another Dotfiles Manager) that integrates with git-crypt to provide transparent encryption and decryption of sensitive files within your dotfiles repository. It allows you to safely store configuration files containing passwords, API keys, or other sensitive information in your git repository without exposing them in plaintext. When yadm initializes or updates, yadm-git-crypt will automatically decrypt files, and when committing changes, it will encrypt them using git-crypt. This ensures that sensitive data is only accessible when the repository is actively being used on an authorized machine and remains encrypted at rest in the repository. yadm-git-crypt simplifies the process of managing encrypted dotfiles by handling the encryption and decryption steps automatically.

It leverages the power of git-crypt, which uses standard asymmetric encryption to ensure that only authorized users with the correct key can access the encrypted data.

CAVEATS

Requires git-crypt to be installed and configured. Ensure the .gitattributes file is properly configured and committed to the repository. Incorrect setup can lead to unencrypted sensitive data being committed.

KEY MANAGEMENT

Proper key management is crucial for the security of encrypted files. Ensure the git-crypt key is stored securely and not committed to the repository. Consider using a password manager to store the key password.

WORKFLOW

The typical workflow involves initializing git-crypt, adding files to be encrypted using 'yadm git-crypt add', committing the changes to .gitattributes, and unlocking the repository when needed. When finished, commit the encrypted files and push to your remote; the data remains safe because only the encrypted form is stored in the repository.
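The caveat above (a mis-configured .gitattributes silently commits plaintext) and this workflow both come down to two checks a practitioner wants before pushing: is the dotfile covered by a git-crypt rule, and is the stored content actually ciphertext? The following shell helpers are an added example, not part of yadm or git-crypt; they assume a .gitattributes file in the repository work tree, use constructed path names, and only match exact-path rules (real .gitattributes rules may be glob patterns). git-crypt prefixes every encrypted blob with the 10-byte header "\0GITCRYPT\0", which the last helper looks for.

```shell
#!/bin/sh
# Added example (not yadm's or git-crypt's own code): sanity checks for
# a dotfile that is supposed to be encrypted by git-crypt.

# Print the .gitattributes rule git-crypt expects for one path.
gitcrypt_attr_line() {
    printf '%s filter=git-crypt diff=git-crypt\n' "$1"
}

# Return 0 if TARGET has an exact-path rule in ATTR_FILE that sets both
# the git-crypt filter and diff driver, 1 otherwise. Glob rules are not
# expanded here (assumption: secrets are listed by exact path).
is_marked_encrypted() {
    attr_file=$1
    target=$2
    [ -f "$attr_file" ] || return 1
    awk -v t="$target" '
        $1 == t && /filter=git-crypt/ && /diff=git-crypt/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$attr_file"
}

# Return 0 if the file at BLOB_PATH starts with git-crypt's header bytes
# 00 47 49 54 43 52 59 50 54 00 ("\0GITCRYPT\0"), i.e. it is ciphertext.
# A plaintext secret that slipped past .gitattributes fails this check.
is_gitcrypt_blob() {
    head -c 10 "$1" | od -An -tx1 | tr -d ' \n' \
        | grep -q '^00474954435259505400$'
}

# Report on one path: rule present and committed blob encrypted.
# Usage: check_secret <attr_file> <path> <blob_path>
check_secret() {
    if ! is_marked_encrypted "$1" "$2"; then
        echo "MISSING RULE: add '$(gitcrypt_attr_line "$2")' to $1" >&2
        return 1
    fi
    if ! is_gitcrypt_blob "$3"; then
        echo "PLAINTEXT: $3 is not git-crypt ciphertext" >&2
        return 1
    fi
    echo "OK: $2 is marked and stored encrypted"
}
```

Inside the checked-out dotfiles repository, `git check-attr filter -- <path>` is the authoritative answer to the first question, since git also evaluates glob rules; the blob check can be run on the output of `git show HEAD:<path>`.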

SEE ALSO

git(1), git-crypt(1), yadm(1)
