psi-jack/yadm
1
0
Fork 0
mirror of synced 2024-12-22 06:31:07 -05:00
Code Issues Releases Wiki Activity

Update encryption docs for 3.0.0

Browse source
This commit is contained in:
Tim Byrne 2020-12-27 21:00:51 -06:00
parent 6de50bd11d
commit 6826e5e835
No known key found for this signature in database
GPG key ID: 14DB4FC2465A4B12
1 changed files with 23 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
_docs/080_encryption.md
View file

@ -6,8 +6,9 @@ It can be useful to manage confidential files, like SSH keys, across multiple
systems. However, doing so would put plain text data into a Git repository, systems. However, doing so would put plain text data into a Git repository,
which often resides on a public system. yadm implements a feature which can which often resides on a public system. yadm implements a feature which can
make it easy to encrypt and decrypt a set of files so the encrypted version can make it easy to encrypt and decrypt a set of files so the encrypted version can
be maintained in the Git repository. This feature will only work if the gpg be maintained in the Git repository. This feature will only work if the gpg or
command is available. openssl commands are available. To use OpenSSL see the section lower on this
page.
_It is recommended that you use a private repository when keeping confidential _It is recommended that you use a private repository when keeping confidential
files, even though they are encrypted._ files, even though they are encrypted._
@ -16,14 +17,14 @@ To use this feature, a list of patterns must be created and saved as
.ssh/*.key .ssh/*.key
The `yadm encrypt` command will find all files matching the patterns, and The `yadm encrypt` command will find all files matching the patterns, and prompt
prompt for a password. Once a password has confirmed, the matching files will be for a password. Once a password has confirmed, the matching files will be
encrypted and saved as `$HOME/.config/yadm/files.gpg`. The patterns and files.gpg encrypted and saved as `$HOME/.local/share/yadm/archive`. The patterns and
should be added to the yadm repository so they are available across multiple `archive` should be added to the yadm repository so they are available across
systems. multiple systems.
yadm add .config/yadm/encrypt yadm add .config/yadm/encrypt
yadm add .config/yadm/files.gpg yadm add .local/share/yadm/archive
To decrypt these files later, or on another system run `yadm decrypt` and To decrypt these files later, or on another system run `yadm decrypt` and
provide the correct password. provide the correct password.
@ -39,6 +40,20 @@ be enabled using the `yadm.gpg-recipient` configuration. To do so, run:
For this to work, `<recipient-address>` must exist in your gpg keyrings. For this to work, `<recipient-address>` must exist in your gpg keyrings.
## OpenSSL
OpenSSL can be used instead of gpg by specifying the option `yadm.cipher`,
setting it to "openssl".
yadm config yadm.cipher openssl
There are a few other options to control how the OpenSSL archive is created.
* `yadm.openssl-ciphername` determines the cipher algorithm used. "aes-256-cbc"
is used by default.
* `yadm.openssl-old` is a boolean option that uses parameters more suitable for
older versions of OpenSSL. This option defaults to "false".
## transcrypt & git-crypt ## transcrypt & git-crypt
transcrypt & git-crypt are tools that enable transparent encryption and transcrypt & git-crypt are tools that enable transparent encryption and