試した環境
$ dpkg-query -W git git-crypt
git 1:2.30.0-1
git-crypt 0.6.0-1
$ lsb_release -dr
Description: Debian GNU/Linux bullseye/sid
Release: unstable
$ uname -rm
5.10.0-1-amd64 x86_64$ git-crypt add-gpg-user 9C3EC5272FFDAF803289ADE4398C09CC572E532C
[master (root-commit) de08cf2] Add 1 git-crypt collaborator
2 files changed, 4 insertions(+)
create mode 100644 .git-crypt/.gitattributes
create mode 100644 .git-crypt/keys/default/0/9C3EC5272FFDAF803289ADE4398C09CC572E532C.gpg.gitattributes に暗号化したいファイルを登録する.
$ echo 'password filter=git-crypt diff=git-crypt' > | tee -a ./.gitattributes
password filter=git-crypt diff=git-crypt該当ファイルが暗号化されている
$ curl -s https://bitbucket.org/matoken/git-crypt/raw/3e9f470635393aad2c328730ab2ad2ff7169d525/password | od -xc
0000000 4700 5449 5243 5059 0054 8d04 9325 2eb6
\0 G I T C R Y P T \0 004 215 % 223 266 .
0000020 130a 674f b417 8f41 e5bc 0295 de44 0024
\n 023 O g 027 264 A 217 274 345 225 002 D 336 $
0000037該当ファイルが暗号化されている
$ git clone https://bitbucket.org/matoken/git-crypt
$ cd git-crypt
$ file password
password: data
$ od -xc ./password
0000000 4700 5449 5243 5059 0054 8d04 9325 2eb6
\0 G I T C R Y P T \0 004 215 % 223 266 .
0000020 130a 674f b417 8f41 e5bc 0295 de44 0024
\n 023 O g 027 264 A 217 274 345 225 002 D 336 $
0000037アンロックすると中が見える.
$ git-crypt unlock
$ cat password
password再度ロックする
$ git-crypt lock$ git-crypt add-gpg-user 5071E226B689C97F1481579CCB0449E0CF1A89BF
[master 3eecbd4] Add 1 git-crypt collaborator
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 .git-crypt/keys/default/0/5071E226B689C97F1481579CCB0449E0CF1A89BF.gpg鍵の確認
$ git-crypt status
not encrypted: .git-crypt/.gitattributes
not encrypted: .git-crypt/keys/default/0/5071E226B689C97F1481579CCB0449E0CF1A89BF.gpg
not encrypted: .git-crypt/keys/default/0/9C3EC5272FFDAF803289ADE4398C09CC572E532C.gpg
not encrypted: .gitattributes
encrypted: password$ cd ${GIT_DIR}
$ git-crypt init
Generating key...
$ vi .gitattributes
$ git diff .gitattributes
diff --git a/.gitattributes b/.gitattributes
index a1b27b1..bfd57da 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,2 @@
password filter=git-crypt diff=git-crypt
+seaclet filter=git-crypt diff=git-crypt
$ git-crypt status
not encrypted: .git-crypt/.gitattributes
not encrypted: .git-crypt/keys/default/0/5071E226B689C97F1481579CCB0449E0CF1A89BF.gpg
not encrypted: .git-crypt/keys/default/0/9C3EC5272FFDAF803289ADE4398C09CC572E532C.gpg
not encrypted: .gitattributes
encrypted: password
encrypted: seaclet *** WARNING: staged/committed version is NOT ENCRYPTED! ***
Warning: one or more files is marked for encryption via .gitattributes but
was staged and/or committed before the .gitattributes file was in effect.
Run 'git-crypt status' with the '-f' option to stage an encrypted version.
$ git add .gitattributes
$ git commit -m '`seaclet` file encrypt'
|
Note
|
過去は暗号化されないので歴史から消すなどの改変が必要そう Git - 歴史の書き換え |