Last active
November 24, 2022 21:11
-
-
Save thejustinwalsh/942385d1aeccbb6f685ec27db212ef30 to your computer and use it in GitHub Desktop.
Using Keybase.io with git-secret
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # install git secret (pick one) | |
| brew install git-secret | |
| sudo apt-get install git-secret | |
| # Import keys into gpg from keybase | |
| export GPG_TTY=$(tty) # Required for passphrase entry on WSL2 and MacOS | |
| keybase pgp export | gpg --import | |
| keybase pgp export --secret | bash -c "gpg --import --allow-secret-key-import" | |
| # Import keys from user you wish to add | |
| keybase follow <keybase.io user> | |
| keybase pull <keybase.io user> | |
| # sign and save the key for <keybase.io user> | |
| # thier key will either be something like keybase.io/<keybase.io user> or something custom in the uid field of the output | |
| gpg --list-keys | |
| gpg --edit-key <keybase.io user || uid> | |
| > lsign | |
| > save | |
| # navigate to your git repo | |
| git secret init | |
| # add users who can decrypt the file | |
| git secret tell <keybase.io user || uid> | |
| # create and add a file to the secret | |
| echo REACT_APP_API_KEY=1234 > .env | |
| echo .env > .gitignore | |
| git secret add .env | |
| # Encrypt the secrets | |
| git secret hide | |
| # Decrypt the secrets | |
| git secret reveal | |
| # pre-commit hook | |
| cp .git/hooks/pre-commit.sample .git/hooks/pre-commit | |
| code .git/hooks/pre-commit | |
| > #!/bin/sh | |
| > export PATH=/usr/local/bin:"$PATH" | |
| > echo "encrypting files" | |
| > git secret hide | |
| > git add .gitsecret/paths/mapping.cfg | |
| > git add src/*.secret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment