git secret cmds

git-secret.sh

# https://confluence.atlassian.com/bitbucketserver/using-gpg-keys-913477014.html
# generate your gpg keys
gpg --gen-key
# fill prompt questions
gpg --list-keys
gpg --list-secret-keys --keyid-format LONG


# import/export keys: https://www.debuntu.org/how-to-importexport-gpg-key-pair/
# show hash id of your keys
gpg --list-keys
# copy your hash id "ABCDFE01", and export your keys files
gpg --output mygpgkey_pub.gpg --armor --export ABCDFE01
gpg --output mygpgkey_sec.gpg --armor --export-secret-key ABCDFE01
# import keys
gpg --import ~/mygpgkey_pub.gpg
gpg --allow-secret-key-import --import ~/mygpgkey_sec.gpg


# docs: http://git-secret.io/
# tutorial: https://asciinema.org/a/41811
# in case no git-secret setup
git secret init
# add user
git secret tell [email protected]
# remove target file from git
git rm --cached config/default.json
# add target file to be handled by git-secret
git secret add config/default.json
# generate encrypted files
git secret hide
# remove non-encrypted files
rm -f config/default.json
# re-generate unencrypted files
git secret reveal



# deployments
# create gpg user
gpg --gen-key
# export user priv key
gpg --export-secret-key [email protected] --armor  > private_key.gpg
# upload priv key to server
scp private_key.gpg [email protected]:/home/ubuntu/private_key.gpg
# import priv key in server
gpg --import private_key.gpg
# install git secret
echo "deb https://dl.bintray.com/sobolevn/deb git-secret main" | sudo tee -a /etc/apt/sources.list
wget -qO - https://api.bintray.com/users/sobolevn/keys/gpg/public.key | sudo apt-key add -
sudo apt-get update && sudo apt-get install git-secret