Git-Crypt: Safeguard your secrets

Photo by FlyD on Unsplash

Git-Crypt: Safeguard your secrets

Avishek Behera's photo
Avishek Behera
·

2 min read

Table of contents

Introduction

it’s very important to protect information from the World Wide Web because there are so many bad things can that happen with the negligence of our data.

In software engineering, having the data protected from authorised access is supercritical and hence similar concept applies in test automation as well.

How is it useful in Test Automation?

While building a test automation framework, we should not ignore to protect the important information such as the username and password URL of our environment, API, keys, data, credentials and so on.

If this sensitive information is leaked to outside the world via a repository, then it can pose a big threat and hence we should be very careful to enforce a very secret management system this is a very good script that comes to the rescue and it provides a super easy way to implement and I would like to talk about it.

How to use it?

Basically, this is pretty easy to set up. We can follow the step-by-step information available in there to get positive to make it very simple. I would like to add a couple of steps that would help quickly set up it and then use it.

Here is the official and detailed documentation

Note: Before you proceed, ensure the below steps to be done

  • If your repository with credentials is already committed then you have already exposed them. Once you enforce git-crypt, make sure to change all credentials to remediate.

  • If you are working on a new repository then ensure to do this setup first thing or an early action item so you don’t accidentally expose secrets by commits

# Install (chose the steps for linux as mentioned in doc)
brew install git-crypt

# init
cd repo
git-crypt init

# save secret key file
git-crypt export-key git-crypt-secret

# Specify files to encrypt by creating a .gitattributes file:
# to encrypt single file
secretfile filter=git-crypt diff=git-crypt
# to encrypt file with extension
*.key filter=git-crypt diff=git-crypt
# to encrypt whole directory
secretdir/** filter=git-crypt diff=git-crypt

# check status
git crypt status

# Common error
## *** WARNING: staged/committed version is NOT ENCRYPTED! ***
# To solve this, make some changes to those files and commit

# lock or encrypt file
git crypt lock

# unlock or decrypt file with secrete file
git crypt unlock git-crypt-secret

Lastly, make sure to keep the secret file git-crypt-secret within the team or store it in a password or secured space.

Feel free to comment here for any thoughts or suggests.
Thank you for reading.

GitGitHub