From 364ef851de04479dea896a459a2ea22cb98f1c9f Mon Sep 17 00:00:00 2001 From: Ali Rizvi Date: Tue, 26 Nov 2024 17:12:54 -0500 Subject: [PATCH] .git-crypt|secrets: setup git-crypt as secrets provider This is arguably the safest way I can think of that isn't stupidly annoying. Both `sops-nix` and `agenix` require you to manage a secondary key, which is a bit annoying for me. This is significantly easier, and moreso because the encryption happens transparently. On my system it wont look encrypted at all, but online you will never be able to see it. New collaborators: 87051A83 Ali Rizvi --- .git-crypt/.gitattributes | 4 ++++ .../default/0/6A25DEBE41DB0C153AB5BB345290E18B87051A83.gpg | 1 + nix/devShells/shell.nix | 4 ++++ 3 files changed, 9 insertions(+) create mode 100644 .git-crypt/.gitattributes create mode 100644 .git-crypt/keys/default/0/6A25DEBE41DB0C153AB5BB345290E18B87051A83.gpg diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes new file mode 100644 index 0000000..665b10e --- /dev/null +++ b/.git-crypt/.gitattributes @@ -0,0 +1,4 @@ +# Do not edit this file. To specify the files to encrypt, create your own +# .gitattributes file in the directory where your files are. +* !filter !diff +*.gpg binary diff --git a/.git-crypt/keys/default/0/6A25DEBE41DB0C153AB5BB345290E18B87051A83.gpg b/.git-crypt/keys/default/0/6A25DEBE41DB0C153AB5BB345290E18B87051A83.gpg new file mode 100644 index 0000000..4f1abab --- /dev/null +++ b/.git-crypt/keys/default/0/6A25DEBE41DB0C153AB5BB345290E18B87051A83.gpg @@ -0,0 +1 @@ +„^ßaLµ…@EQx"î4ÉÙ!}ÞA]Óç"Ú×›ÑP´Ž2ËcÍùÄÖ[0Ù-PŬò½QèŸJ9-Šõ–óÙFGÚ‚ÀÌð¯î>ä$rß<‡OÁNDñ4Ù|,ÓÒÀÞT7'£jÛ@B×6“áx¤§aBÉk9í¸¨Vzd&)^B"c¼šD •"ø|¼™qèâÿ_CÝ6À1›É†,r.n/›i”ÓÞFå~¼Ç0z÷€²ÉÙ*4Ъ¶Íýõ@GU1a4–…Á‚•åô!||áv­}¸»îC°P|q'¾ÃÝø»g+öüŒÀš)#6F™«ÿMKr‚RÑ{ÉQ8›‚öÆ"Ȉj] l¶¬vïÒ>u^œß†ø`Ù‡ã4Bä \ No newline at end of file diff --git a/nix/devShells/shell.nix b/nix/devShells/shell.nix index 21f624a..df92861 100644 --- a/nix/devShells/shell.nix +++ b/nix/devShells/shell.nix 
@@ -3,10 +3,14 @@ introduce-bin, nixos-clean, + + git-crypt, }: mkShellNoCC { packages = [ introduce-bin nixos-clean + + git-crypt ]; }
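Review bot: in `.git-crypt/.gitattributes`, the only rules added are `* !filter !diff` and `*.gpg binary`, which exempt the key directory itself, and none of the three files in the diffstat assigns `filter=git-crypt diff=git-crypt` to any path, so after this commit nothing is selected for encryption. Add a `.gitattributes` next to the secrets in this commit or before the first secret lands (for example `secrets/** filter=git-crypt diff=git-crypt`, where the path is illustrative), because a file committed before its attribute exists is stored as plaintext and remains in history. Running `git-crypt status` before pushing confirms which paths are actually covered.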
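Review bot: in the `.git-crypt/keys/default/0/6A25DEBE41DB0C153AB5BB345290E18B87051A83.gpg` hunk, the wrapped key is carried as a single raw text `+` line ending in `\ No newline at end of file` rather than as a `GIT binary patch` section, so the bytes will not survive mail or copy-paste transport and applying this patch as text would produce a key file that cannot be decrypted. Regenerate the patch with this file emitted as a binary patch, or have collaborators fetch the commit instead of applying the mailed form. The commit message names the collaborator by the short ID `87051A83`; reviewers should check the full fingerprint in the file name against the key they expect, since an eight-digit ID is not a unique identifier.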
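Review bot: in `nix/devShells/shell.nix`, `git-crypt` is added to the function arguments and to `packages`, but nothing in the patch documents that a fresh clone stays encrypted until `git-crypt unlock` is run from inside this shell with the collaborator's GPG key available. A one-line comment above the `git-crypt` entry in `packages`, or a short README note, would cover that. The empty `+` lines that set `git-crypt,` apart from `introduce-bin` and `nixos-clean` in both lists could also be dropped, or given a comment explaining the grouping.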