Hello, I'm very new to git-crypt and GPG as well, and have a couple of questions.
What is an appropriate method of making the encrypted files in the repo readable (and modifiable) on multiple hosts controlled by me? For example VMs or SBCs like a Raspberry Pi? Let's assume the hosts are all on a home network, so eavesdropping on network traffic is not a concern, I think (or at worst, that sneakernet is an option).
Does git-crypt make any use of specific subkeys? add-gpg-user doesn't seem to accept subkey IDs. The reason I ask is that searching for "GPG multiple devices" leads to recommendations to use subkeys for different devices, but this was a recommendation for use with encrypted email, where the existence of multiple subkeys was used to revoke a subkey in case of device theft while keeping other subkeys functional. AIUI git-crypt doesn't support key rotation so revoking doesn't really work, but my main concern is being able to access the repo's secret files without either having to transfer the GPG keypair everywhere, or generating a new key for every host.
Should the .gitattributes file be committed to the repository? I didn't see this mentioned in the how-to, but did see it mentioned here, and not doing so leaves the secret file encrypted even after issuing unlock for anyone who just cloned the repo onto a clean slate. Is there any risk in adding the file?
Is it normal that even in an unlocked repository, interactive adding (git add -i ...) sees updates to encrypted files as binary changes?