yadm-transcrypt
Encrypt/decrypt files for yadm managed repositories
TLDR
Set the symmetric cipher to utilize for encryption
Pass the password to derive the key from
Assume yes and accept defaults for non-specified options
Display the current repository's cipher and password
Re-encrypt all encrypted files using new credentials
SYNOPSIS
yadm-transcrypt add path [rule]
yadm-transcrypt remove path [rule]
yadm-transcrypt update path [rule]
yadm-transcrypt show [rule]
yadm-transcrypt help
PARAMETERS
Specifies the operation to perform on the transcrypt configuration. Common actions include add, remove, update, show, and help.
The path to a file or directory within the yadm repository that the encryption rule applies to. Required for add, remove, and update actions.
[
An optional identifier or name for the encryption rule. When specified, it helps to uniquely identify or apply the rule. For show, it filters the displayed rules.
DESCRIPTION
The `yadm-transcrypt` command is a specialized utility script within the `yadm` (Yet Another Dotfiles Manager) ecosystem. Its primary function is to manage the configuration for `transcrypt`, an external tool that provides transparent encryption and decryption of sensitive files within a Git repository.
While `yadm` supports multiple encryption backends like `git-crypt` and `age`, `yadm-transcrypt` specifically handles the setup and modification of `transcrypt` rules. These rules are typically stored in a `.yadm/transcrypt.conf` file, which dictates which files or directories should be encrypted or decrypted by `transcrypt` when `yadm encrypt` or `yadm decrypt` commands are executed.
This utility allows users to add, remove, update, or display these encryption rules, providing fine-grained control over which parts of their dotfiles remain sensitive and protected. Although often invoked indirectly by `yadm` for its encryption features, understanding `yadm-transcrypt` is crucial for advanced `yadm` users who wish to customize their transparent encryption setup using `transcrypt`.
CAVEATS
`yadm-transcrypt` is primarily a helper script used by `yadm` to manage its `transcrypt` integration. Direct invocation is possible but less common than relying on `yadm encrypt` or `yadm decrypt`.
It requires the `transcrypt` utility to be installed and configured on your system for `yadm`'s transparent encryption features to function correctly.
Misuse of this command can lead to unencrypted sensitive files or issues with decryption.
INTEGRATION WITH .YADM/TRANSCRYPT.CONF
The `yadm-transcrypt` utility primarily manipulates the `.yadm/transcrypt.conf` file located within your yadm repository. This file acts as a manifest, listing paths and associated encryption rules (e.g., 'AES256') that `transcrypt` should apply. `yadm` reads this configuration when performing encryption or decryption operations.
TRANSPARENT ENCRYPTION WORKFLOW
When `yadm` is configured to use `transcrypt`, files matching rules in `.yadm/transcrypt.conf` are automatically encrypted upon 'git add' and decrypted upon 'git checkout'. This 'transparency' means sensitive data is never stored unencrypted in the Git repository but is readily available in its decrypted form when working on your local machine.
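One way to confirm that the files you expect to be protected really are stored as ciphertext, shown as an added example that is not part of yadm or transcrypt. It assumes that transcrypt's output is base64 OpenSSL salted ciphertext beginning with `U2FsdGVk` and that `yadm` passes `cat-file` and `show` through to Git; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not yadm or transcrypt code). Function names are hypothetical.
# Assumption: transcrypt ciphertext is base64 OpenSSL "Salted__" output,
# so every encrypted blob starts with the 8 characters U2FsdGVk.

# Succeeds when the data on stdin starts with the salted-ciphertext prefix.
is_ciphertext() {
    [ "$(head -c 8 | tr -d '\000')" = "U2FsdGVk" ]
}

# audit_committed GIT_CMD REV FILE...
# Prints one status line per file and returns non-zero if any file
# is committed as plaintext at the given revision.
audit_committed() {
    git_cmd=$1 rev=$2
    shift 2
    plaintext=0
    for f in "$@"; do
        if ! $git_cmd cat-file -e "$rev:$f" 2>/dev/null; then
            echo "MISSING   $f"      # not present in that revision
        elif $git_cmd show "$rev:$f" | is_ciphertext; then
            echo "ENCRYPTED $f"      # stored blob is ciphertext
        else
            echo "PLAINTEXT $f"      # stored blob is readable by anyone with the repo
            plaintext=$((plaintext + 1))
        fi
    done
    [ "$plaintext" -eq 0 ]
}

# Run against the yadm repository when files are given on the command line,
# with paths written relative to the repository root.
if [ "$#" -gt 0 ]; then
    audit_committed yadm HEAD "$@"
fi
```

This inspects only the revision named; a file that was committed in the clear earlier remains readable in history even if `HEAD` holds ciphertext.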
HISTORY
`yadm` has supported transparent encryption of sensitive files for a long time, initially relying heavily on `git-crypt`. As part of its continuous development, `yadm` expanded its support to include other encryption backends, one of which is `transcrypt`. The `yadm-transcrypt` helper script was introduced to facilitate the specific configuration and management of `transcrypt` rules within the `yadm` dotfiles repository, providing users with more choice and flexibility in their encryption strategy. Its evolution is tied to `yadm`'s goal of offering robust and adaptable dotfile management.
SEE ALSO
yadm(1), transcrypt(1), git-crypt(1)