git-crypt

prevent committing unencrypted files that should be encrypted

Open akostadinov opened this issue 5 years ago • 0 comments

Hi, my team started to use git-crypt recently. I see that for new people it is very easy to forget to unlock the repo and then submit files that should be encrypted.

That is, when a new file is added. Then a pull request could be created with all secret files exposed.

  1. git clone
  2. # user forgets git crypt unlock or does not have key
  3. vi secrets/some-file.txt
  4. git add secrets/some-file.txt
  5. git commit -m "adding a new secret"
  6. # now at step 4 or 5 git-crypt could return an error to prevent secrets leaks
  7. git push

In this way it should be impossible for people to submit unencrypted files (that should be encrypted according to .gitattributes), regardless of whether they have access to the encrypted content or not.

akostadinov, Mar 07 '20 15:03
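One way to get the check requested above with a local hook, as an added example that is not part of the issue or of git-crypt itself: a `pre-commit` script that refuses the commit when a staged file carries a git-crypt `filter` attribute but its staged blob lacks the 10-byte `\0GITCRYPT\0` header that git-crypt writes on encrypted files. The function names are hypothetical, and paths containing newlines are assumed not to occur.

```shell
#!/bin/sh
# Added example: pre-commit hook (hypothetical helper names), not git-crypt code.
# git-crypt prefixes every encrypted blob with the 10 bytes "\0GITCRYPT\0".
MAGIC_HEX=00474954435259505400

# Succeeds when the data on stdin starts with the git-crypt header.
is_git_crypt_blob() {
    [ "$(head -c 10 | od -An -tx1 | tr -d ' \n')" = "$MAGIC_HEX" ]
}

# Prints every staged path that .gitattributes routes through a git-crypt
# filter but whose staged content is still plaintext.
find_plaintext_secrets() {
    git diff --cached --name-only --diff-filter=ACMR |
    while IFS= read -r path; do
        # Output looks like "secrets/some-file.txt: filter: git-crypt";
        # named keys use "git-crypt-<keyname>", which the pattern also matches.
        case "$(git check-attr filter -- "$path")" in
            *": filter: git-crypt"*) ;;
            *) continue ;;
        esac
        # An empty blob has nothing to leak, so let it through.
        [ "$(git cat-file -s ":$path")" -eq 0 ] && continue
        git cat-file blob ":$path" | is_git_crypt_blob || printf '%s\n' "$path"
    done
}

main() {
    leaked=$(find_plaintext_secrets)
    [ -z "$leaked" ] && return 0
    echo "Refusing to commit; staged as plaintext but marked for git-crypt:" >&2
    printf '%s\n' "$leaked" | sed 's/^/  /' >&2
    echo "Run 'git crypt unlock', then 'git add' the files again." >&2
    return 1
}

# Run the check only when installed as .git/hooks/pre-commit, so the
# functions can also be sourced and tested on their own.
case "${0##*/}" in
    pre-commit) main || exit 1 ;;
esac
```

Install it as `.git/hooks/pre-commit` and make it executable. Client-side hooks are opt-in per clone, so the same header check applied to committed blobs in CI covers contributors who never installed it.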