FreeBSD Manual Pages
TRANSCRYPT(1) TRANSCRYPT(1) NAME transcrypt - transparently encrypt files within a git repository SYNOPSIS transcrypt [options...] DESCRIPTION transcrypt will configure a Git repository to support the transparent encryption/decryption of files by utilizing OpenSSL's symmetric cipher routines and Git's built-in clean/smudge filters. It will also add a Git alias "ls-crypt" to list all transparently encrypted files within the repository. The transcrypt source code and full documentation may be downloaded from https://github.com/elasticdog/transcrypt. OPTIONS -c, --cipher=cipher the symmetric cipher to utilize for encryption; defaults to aes-256-cbc -p, --password=password the password to derive the key from; defaults to 30 random base64 characters -y, --yes assume yes and accept defaults for non-specified options -d, --display display the current repository's cipher and password -r, --rekey re-encrypt all encrypted files using new credentials -f, --flush-credentials remove the locally cached encryption credentials and re-encrypt any files that had been previously decrypted -F, --force ignore whether the git directory is clean, proceed with the pos- sibility that uncommitted changes are overwritten -u, --uninstall remove all transcrypt configuration from the repository and leave files in the current working copy decrypted -l, --list list all of the transparently encrypted files in the repository, relative to the top-level directory -s, --show-raw=file show the raw file as stored in the git commit object; use this to check if files are encrypted as expected -e, --export-gpg=recipient export the repository's cipher and password to a file encrypted for a gpg recipient -i, --import-gpg=file import the password and cipher from a gpg encrypted file -v, --version print the version information -h, --help view this help message EXAMPLES To initialize a Git repository to support transparent encryption, just change into the repo and run the transcrypt script. transcrypt will prompt you interactively for all required information if the corre- sponding option flags were not given. $ cd <path-to-your-repo>/ $ transcrypt Once a repository has been configured with transcrypt, you can trans- parently encrypt files by applying the "crypt" filter and diff to a pattern in the top-level .gitattributes config. If that pattern matches a file in your repository, the file will be transparently encrypted once you stage and commit it: $ echo 'sensitive_file filter=crypt diff=crypt' >> .gitattributes $ git add .gitattributes sensitive_file $ git commit -m 'Add encrypted version of a sensitive file' See the gitattributes(5) man page for more information. If you have just cloned a repository containing files that are en- crypted, you'll want to configure transcrypt with the same cipher and password as the origin repository. Once transcrypt has stored the matching credentials, it will force a checkout of any existing en- crypted files in order to decrypt them. If the origin repository has just rekeyed, all clones should flush their transcrypt credentials, fetch and merge the new encrypted files via Git, and then re-configure transcrypt with the new credentials. AUTHOR Aaron Bull Schaefer <aaron@elasticdog.com> SEE ALSO enc(1), gitattributes(5) August 2016 TRANSCRYPT(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | AUTHOR | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=transcrypt&sektion=1&manpath=FreeBSD+Ports+15.0>