git-crypt icon indicating copy to clipboard operation
git-crypt copied to clipboard

Published 20 hours ago verified publisher icon AGWA

Add `list-gpg-user`command to list all added users

Open zhiboz opened this issue 10 years ago • 18 comments

Is it feasible to introduce a new command

git-crypt list-gpg-user

to list all added gpg users? Are there alternatives to show that info with the existing implementation?

zhiboz avatar Feb 24 '15 15:02 zhiboz

Yeah, this is planned. For now, if you list the contents of the .git-crypt/keys/default/0/ directory you'll get the full GPG fingerprints of every authorized user.

AGWA avatar Feb 24 '15 15:02 AGWA

Cool! Greatly appreciate your efforts!

zhiboz avatar Feb 24 '15 15:02 zhiboz

They are the fingerprints and not the actual GPG keys?

tachang avatar May 29 '15 18:05 tachang

Yes, the filenames are the fingerprints, not the actual keys.

AGWA avatar May 29 '15 18:05 AGWA

Gotcha. Is the .git-crypt directory actually encrypted as well? I don't see the need to encrypt it. Also wouldn't it make sense to store the public key as well? Or is it there and I am just missing it.

tachang avatar May 29 '15 18:05 tachang

The .git-crypt directory is not encrypted by git-crypt (in fact, git-crypt installs a .gitattributes file in .git-crypt to override any rules that might cause it to be encrypted inadvertently).

That said, each file inside .git-crypt is separately encrypted, by GPG, to the public key indicated by the fingerprint in the filename. This is what allows contributors to unlock the repository using their GPG private key.

It wouldn't make sense for git-crypt to store the GPG public key. That's what the GPG keyring is for. Given a fingerprint, you can export the public key from GPG with gpg --export.

AGWA avatar May 29 '15 19:05 AGWA

I'm waiting for this feature, this's gonna be great! 👍

ghost avatar Aug 21 '17 02:08 ghost

👍 for this subcommand

Aslan avatar Oct 04 '17 23:10 Aslan

+1 very useful feature to have

Constantin07 avatar Mar 09 '18 11:03 Constantin07

I found this awesome blog post! https://www.devopsgroup.com/2016/12/08/easy-git-crypt-user-identification/

GregSharpe1 avatar Aug 06 '18 10:08 GregSharpe1

Thanks @GregSharpe1. Nice article!

Constantin07 avatar Aug 06 '18 20:08 Constantin07

Wow @GregSharpe1, that's exacly what I was looking for!!

jake-morgan avatar Aug 31 '18 10:08 jake-morgan

Just check the git log

git log .git-crypt/

chribsen avatar Nov 01 '18 15:11 chribsen

git log .git-crypt/keys/*/*/*.gpg

bentterp avatar Nov 05 '19 11:11 bentterp

Create git alias to make pseudo-command git crypt-users Add this..

[alias]
	crypt-users = ! git log  .git-crypt/keys/*/*/*.gpg | egrep '\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,6}\\b'

to your ~/.gitconfig

UPDATE: new version

[alias]
	crypt-users = "! git log --format=full .git-crypt/keys/*/*/*.gpg | grep -E '^            .+' | sed 's/ *$//g' | awk '{gsub(/^[ \t]+/,\"\"); print $0 }'"

sobi3ch avatar Oct 20 '20 06:10 sobi3ch

@AGWA is this still planned? This feature would increase the UX and thus security by making it more transparent which users were granted access.

jottr avatar Jul 22 '21 20:07 jottr

@AGWA Is there any updates on this issue ?

AlexShmelev avatar Jan 10 '22 17:01 AlexShmelev

Create git alias to make pseudo-command git crypt-users Add this..

[alias]
	crypt-users = ! git log  .git-crypt/keys/*/*/*.gpg | egrep '\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,6}\\b'

to your ~/.gitconfig

UPDATE: new version

[alias]
	crypt-users = "! git log --format=full .git-crypt/keys/*/*/*.gpg | grep -E '^            .+' | sed 's/ *$//g' | awk '{gsub(/^[ \t]+/,\"\"); print $0 }'"

If anybody is looking for one that only lists the emails (that was what I needed anyways):

[alias]
        crypt-users = "! git log --format=full .git-crypt/keys/*/*/*.gpg | grep -E '^            .+' | sed 's/ *$//g' | awk '{gsub(/^[ \t]+/,\"\"); print $0 }' | awk 'NF>1{print $NF}' | sed 's/.//;s/.$//'"

Wow, this worked like a charm. Thank you!

ikegentz avatar May 18 '22 03:05 ikegentz