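At this point we have a new secret and private key for alice@example.com, exported to secret.gpg and .dev/gpg-keys/alice-public.gpg. The remaining commands can now be run directly on the host machine, outside the application container.

Initial setup of git-secret

Now let's introduce git-secret into a new codebase by running the following commands.

Initialize git-secret: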
make secret-init

$ make secret-init
"C:/Program Files/Git/mingw64/bin/make" -s git-secret ARGS="init";
git-secret: init created: '/var/www/app/.gitsecret/'
Apply the gpg fix for shared directories:
make secret-init-gpg-socket-config

$ make secret-init-gpg-socket-config
echo "%Assuan%" > .gitsecret/keys/S.gpg-agent
echo "socket=/tmp/S.gpg-agent" >> .gitsecret/keys/S.gpg-agent
echo "%Assuan%" > .gitsecret/keys/S.gpg-agent.ssh
echo "socket=/tmp/S.gpg-agent.ssh" >> .gitsecret/keys/S.gpg-agent.ssh
echo "extra-socket /tmp/S.gpg-agent.extra" > .gitsecret/keys/gpg-agent.conf
echo "browser-socket /tmp/S.gpg-agent.browser" >> .gitsecret/keys/gpg-agent.conf
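
Initializing gpg after container startup

After the container is restarted, gpg has to be initialized, i.e. the public keys in .dev/gpg-keys/* and the private key in secret.gpg must be imported. Otherwise files can be neither encrypted nor decrypted.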
make gpg-init

$ make gpg-init
"C:/Program Files/Git/mingw64/bin/make" -s gpg-import GPG_KEY_FILES="secret.gpg"
gpg: directory '/home/application/.gnupg' created
gpg: keybox '/home/application/.gnupg/pubring.kbx' created
gpg: /home/application/.gnupg/trustdb.gpg: trustdb created
gpg: key BBBE654440E720C1: public key "Alice Doe <alice@example.com>" imported
gpg: key BBBE654440E720C1: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1
"C:/Program Files/Git/mingw64/bin/make" -s gpg-import GPG_KEY_FILES=".dev/gpg-keys/*"
gpg: key BBBE654440E720C1: "Alice Doe <alice@example.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Adding a new team member

Next, let's look at how to add a new member to git-secret:
make secret-add-user EMAIL="alice@example.com"

$ make secret-add-user EMAIL="alice@example.com"
"C:/Program Files/Git/mingw64/bin/make" -s git-secret ARGS="tell alice@example.com"
git-secret: done. alice@example.com added as user(s) who know the secret.
Verify that it worked:
make secret-show-users

$ make secret-show-users
"C:/Program Files/Git/mingw64/bin/make" -s git-secret ARGS="whoknows"
alice@example.com

Adding and encrypting files

To add a new encrypted file secret_password.txt, create the file:
echo "my_new_secret_password" > secret_password.txt
Add it to .gitignore:
echo "secret_password.txt" >> .gitignore
Add it to git-secret:
make secret-add FILE="secret_password.txt"

$ make secret-add FILE="secret_password.txt"
"C:/Program Files/Git/mingw64/bin/make" -s git-secret ARGS="add secret_password.txt"
git-secret: 1 item(s) added.
Encrypt all files:
make secret-encrypt

$ make secret-encrypt
"C:/Program Files/Git/mingw64/bin/make" -s git-secret ARGS="hide"
git-secret: done. 1 of 1 files are hidden.
$ ls secret_password.txt.secret
secret_password.txt.secret
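
An added example (not from the original article or the git-secret project): a shell check, suitable for a pre-commit hook or CI step, that every file git-secret tracks is listed in .gitignore and has its encrypted .secret counterpart. It assumes git-secret records tracked paths in .gitsecret/paths/mapping.cfg as "path" or "path:hash" lines and accepts only exact .gitignore entries, which is stricter than git's own pattern matching; check_secrets and make_sample_repo are hypothetical names.

```shell
#!/bin/sh
# check_secrets DIR: audit a checkout that uses git-secret.
# Assumption: tracked paths are listed one per line in
# .gitsecret/paths/mapping.cfg, optionally followed by ":<hash>".
# Returns 0 if every listed file has an exact .gitignore entry and a
# non-empty "<file>.secret"; 1 on any violation; 2 if there is no mapping.
check_secrets() {
    repo=$1
    mapping="$repo/.gitsecret/paths/mapping.cfg"
    status=0
    [ -f "$mapping" ] || { echo "no mapping file: $mapping" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        path=${line%:*}             # drop the optional ":<hash>" suffix
        [ -n "$path" ] || continue
        # The plaintext must never be committed: require an ignore entry.
        if ! grep -qxF -e "$path" -e "/$path" "$repo/.gitignore" 2>/dev/null; then
            echo "NOT IGNORED: $path" >&2
            status=1
        fi
        # The encrypted counterpart is the file that gets committed.
        if [ ! -s "$repo/$path.secret" ]; then
            echo "NOT ENCRYPTED: $path.secret is missing or empty" >&2
            status=1
        fi
    done < "$mapping"
    return $status
}

# Constructed sample tree mirroring the state after "make secret-encrypt".
# The hash and the ciphertext are placeholders, not real git-secret output.
make_sample_repo() {
    d=$(mktemp -d)
    mkdir -p "$d/.gitsecret/paths"
    echo "secret_password.txt:0123abcd" > "$d/.gitsecret/paths/mapping.cfg"
    echo "secret_password.txt" > "$d/.gitignore"
    echo "constructed ciphertext placeholder" > "$d/secret_password.txt.secret"
    echo "$d"
}
```

Run it as check_secrets /path/to/repo; a non-zero exit status should block the commit or fail the pipeline.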

Decrypting files

First remove the secret_password.txt file by running:
rm secret_password.txt

$ rm secret_password.txt
$ ls secret_password.txt
ls: cannot access 'secret_password.txt': No such file or directory
Then decrypt:
make secret-decrypt

$ make secret-decrypt
"C:/Program Files/Git/mingw64/bin/make" -s git-secret ARGS="reveal -f"
git-secret: done. 1 of 1 files are revealed.
$ cat secret_password.txt
my_new_secret_password
Note: if the gpg key is protected by a passphrase (assuming the passphrase is