Git Crypt
We use git-crypt to store the proxy secret tokens for each hub. Note that secrets required for GitHub Actions are stored in the Settings section of the repository, as per the Actions docs (https://docs.github.com/en/actions/reference/encrypted-secrets).
Setup git-crypt
The files in secrets/ are encrypted with git-crypt. git-crypt allows us to store sensitive information in the repository "in plain sight".
1. To begin, install git-crypt. On OSX use:
       brew install git-crypt
   Alternatively, follow the instructions on https://www.agwa.name/projects/git-crypt/
2. Obtain a copy of hub-ops.gitcrypt.key. You can ask Leah Wasser, Karen Cranston, or Max Joseph for a copy. Copy the file into your checkout of hub-ops.
3. From the checkout directory run:
       cat hub-ops.gitcrypt.key | git-crypt unlock -
   or
       git-crypt unlock hub-ops.gitcrypt.key
   You should now be able to see plain text files in secrets/.
4. Add your name to the list of people to contact in step 2.
Working With Encrypted Files
Once you have set up git-crypt and unlocked the files locally, you will be able to see all of the secret keys and edit them as needed. When you commit and push, git-crypt will re-encrypt the files so that nothing secret is pushed in plain text to GitHub.
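To confirm that re-encryption actually happened before you push, the following added example (not part of the hub-ops repository) inspects the blobs Git has stored for a commit rather than the unlocked working copy. It relies on the 10-byte header `\0GITCRYPT\0` that git-crypt writes at the start of every encrypted blob; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that files committed under secrets/ are git-crypt
# ciphertext. Function names are hypothetical, not from hub-ops.

# Hex of the 10-byte header git-crypt prepends: \0 G I T C R Y P T \0
GITCRYPT_MAGIC_HEX=00474954435259505400

# Succeeds if the data on stdin starts with the git-crypt header.
# Empty input carries no header, so it is treated as not encrypted.
is_gitcrypt_blob() {
    [ "$(head -c 10 | od -An -tx1 | tr -d ' \n')" = "$GITCRYPT_MAGIC_HEX" ]
}

# Usage: find_plaintext_secrets [REV] [DIR]   (defaults: HEAD, secrets/)
# Prints each path under DIR whose blob in REV is stored unencrypted.
# Returns 0 if all are encrypted, 1 if any is not, 2 if REV is not a commit.
# "git cat-file blob" returns the stored bytes without running the
# git-crypt smudge filter, so an unlocked checkout does not hide a leak.
find_plaintext_secrets() (
    rev=${1:-HEAD}
    dir=${2:-secrets/}
    git rev-parse --verify --quiet "$rev^{commit}" >/dev/null || return 2
    bad=$(
        git ls-tree -r --name-only "$rev" -- "$dir" |
        while IFS= read -r path; do
            git cat-file blob "$rev:$path" 2>/dev/null | is_gitcrypt_blob ||
                printf '%s\n' "$path"
        done
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
)
```

Source the file in the checkout and run `find_plaintext_secrets` after committing; any path it prints was committed in plain text and should be treated as exposed once pushed. `git-crypt status` reports the same condition per file.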