git-rcrypt
encrypts files in a git repository. It is similar to git-crypt, but not compatible.
Goals of the project:
- easy installation on Windows
- to be a small and simple program
- install Rust: https://www.rust-lang.org/tools/install
- install
git-rcrypt
:
cargo install --git https://github.com/gtrafimenkov/git-rcrypt --tag v0.0.3
- initialize encryption in a git repository:
git-rcrypt init
- important: copy
.git/git-rcrypt.key
to a secure place; this is the key for unlocking (decrypting) the repository - create file
.gitattributes
similar to this one .gitattributes; it will tell Git what files should be encrypted
git-rcrypt
uses git smudge and clean filters functionality to encrypt files on commit and decrypt on checkoutgit-rcrypt init
generates a new encryption key, stores it to.git/git-rcrypt.key
, configuresgit-rcrypt
as a clean, smudge and diff filter- after that files configured for encryption in
.gitattributes
will be automatically encrypted and decrypted git-rcrypt lock
deconfiguresgit-rcrypt
as the filter, removes the key file, checks out encrypted files. After that, decrypted checked out files will be replaced with their encrypted variantsgit-rcrypt unlock
takes a path to the key file, copies it to.git/git-rcrypt.key
, configures itself as a clean, smudge, diff filter and checks out encrypted files. The files will be decrypted during checkout
- files are encrypted with AES in CTR mode using 256 bit key
- encrypted files are authenticated using HMAC sha256
- HMAC sha256 of an unencrypted file is used as the initialization vector for encryption
- store the key file in a secure place
- alternatively, encode it into base64 and store in a password manager:
- encoding the key:
cat .git/git-rcrypt.key | base64
- unlocking repository with encoded key:
base64 -d | git-rcrypt unlock -
- encoding the key:
GPL v3 or later