git-secret is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using
gpg, the tracked files with the public keys of all the users that you trust. So everyone of them can decrypt these files using only their personal secret key. Why deal with all this private-public keys stuff? Well, to make it easier for everyone to manage access rights. There are no passwords that change. When someone is out - just delete their public key, re-encrypt the files, and they won’t be able to decrypt secrets anymore.
See the git-secret site.
See the installation section.
MIT. See LICENSE.md for details.
I wonder how safe this is. It seems to me that if you delete a public key and re-encrypt the files, the deleted user will still be able to encrypt previous commits.
I guess you have to remove the repository and then create a new one again. So no version history after all.