Git encryption that works
Instructions on git encryption are to be found around the web; some don’t work, some are too difficult. The following works for me. Make sure you understand what you’re doing if you decide to use it. All thanks, kudos, merit and attribution to this excellent post.
- Make sure git and openssl are installed and working on your system
- Create a directory in $HOME:
mkdir ~/.gitencrypt
- Make it accessible only to user
chmod 0700 ~/.gitencrypt
- Create the 3 following files in this directory:
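cat > ~/.gitencrypt/clean_filter_openssl <<'EOF'
#!/bin/sh
# clean filter: encrypts stdin when a file is staged
SALT=
PASSWORD=
openssl enc -base64 -aes-256-ecb -S "$SALT" -k "$PASSWORD"
EOF
cat > ~/.gitencrypt/diff_filter_openssl <<'EOF'
#!/bin/sh
# textconv filter: git passes the path of the file to convert as $1
PASSWORD=
openssl enc -d -base64 -aes-256-ecb -k "$PASSWORD" -in "$1" 2> /dev/null || cat "$1"
EOF
cat > ~/.gitencrypt/smudge_filter_openssl <<'EOF'
#!/bin/sh
# smudge filter: decrypts stdin on checkout; if openssl fails, cat runs instead
PASSWORD=
openssl enc -d -base64 -aes-256-ecb -k "$PASSWORD" 2> /dev/null || cat
EOF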
- Make these 3 files executable:
chmod +x ~/.gitencrypt/*
- Generate a random 24-hex-character salt and a random password, and set them in the files created above:
RANDOM_SALT=$(tr -dc 'A-F0-9' < /dev/urandom | head -c16)
RANDOM_PASSWORD=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c18)
sed -i -e "s/SALT=/SALT=${RANDOM_SALT}/" ~/.gitencrypt/*
sed -i -e "s/PASSWORD=/PASSWORD=${RANDOM_PASSWORD}/" ~/.gitencrypt/*
- Create a git repository:
mkdir repos
cd repos
git init
- Append lines to .git/config:
cat >> .git/config <<EOF
[filter "openssl"]
    smudge = ~/.gitencrypt/smudge_filter_openssl
    clean = ~/.gitencrypt/clean_filter_openssl
[diff "openssl"]
    textconv = ~/.gitencrypt/diff_filter_openssl
EOF
- Add a .gitattributes file, and enable merge.renormalize, which is a config setting rather than an attribute:
cat > .gitattributes <<EOF
* filter=openssl diff=openssl
EOF
git config merge.renormalize true
- Now the contents of all files you commit will be encrypted.
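
Git treats an undefined filter driver as a pass-through, and the filter definitions above live in .git/config and ~/.gitencrypt, which a clone does not receive, so a clone set up without them commits plaintext with no error. The following check is an added example, not part of the original post: it flags files in a commit whose stored blobs do not look like `openssl enc -base64` AES output. The function names `looks_encrypted` and `audit_commit` are hypothetical, and the test is a heuristic.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes git and a base64 that supports -d (GNU coreutils) are on PATH.

# looks_encrypted: read one blob on stdin. Succeed only if it is valid base64
# that decodes to a non-zero multiple of 16 bytes (the AES block size), which
# is the shape of `openssl enc -base64 -aes-256-ecb` output. Heuristic only.
looks_encrypted() {
    tmp=$(mktemp) || return 2
    if base64 -d >"$tmp" 2>/dev/null; then
        n=$(wc -c <"$tmp")
        n=$((n + 0))             # normalise any padding in wc output
    else
        n=0                      # not base64 at all: treat as plaintext
    fi
    rm -f "$tmp"
    [ "$n" -gt 0 ] && [ $((n % 16)) -eq 0 ]
}

# audit_commit [rev]: list every file in the commit (default HEAD) whose
# stored blob does not look encrypted. Returns 0 if clean, 1 if any file is
# flagged, 2 if the commit cannot be read.
audit_commit() {
    rev=${1:-HEAD}
    git rev-parse --verify -q "$rev^{commit}" >/dev/null || return 2
    # The filter is defined in .git/config, which a clone does not inherit.
    git config --get filter.openssl.clean >/dev/null ||
        echo "warning: filter.openssl.clean is not set in this clone" >&2
    leaks=$(git ls-tree -r --name-only "$rev" | while IFS= read -r path; do
        git cat-file blob "$rev:$path" | looks_encrypted ||
            printf '%s\n' "$path"
    done)
    [ -z "$leaks" ] && return 0
    printf 'stored unencrypted in %s:\n%s\n' "$rev" "$leaks" >&2
    return 1
}
```

Source the file and run `audit_commit` from inside the repository, for example after the first commit in a fresh clone.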