--- title: "Encryption" permalink: /docs/encryption --- It can be useful to manage confidential files, like SSH keys, across multiple systems. However, doing so would put plain text data into a Git repository, which often resides on a public system. yadm implements a feature which can make it easy to encrypt and decrypt a set of files so the encrypted version can be maintained in the Git repository. This feature will only work if the gpg command is available. _It is recommended that you use a private repository when keeping confidential files, even though they are encrypted._ To use this feature, a list of patterns must be created and saved as `$HOME/.config/yadm/encrypt`. For example: .ssh/*.key The `yadm encrypt` command will find all files matching the patterns, and prompt for a password. Once a password has confirmed, the matching files will be encrypted and saved as `$HOME/.config/yadm/files.gpg`. The patterns and files.gpg should be added to the yadm repository so they are available across multiple systems. yadm add .config/yadm/encrypt yadm add .config/yadm/files.gpg To decrypt these files later, or on another system run `yadm decrypt` and provide the correct password. _By default, any decrypted files will have their "group" and "others" permissions removed._ ### Asymmetric Encryption Symmetric encryption is used by default, but asymmetric encryption may be enabled using the `yadm.gpg-recipient` configuration. To do so, run: yadm config yadm.gpg-recipient For this to work, `` must exist in your gpg keyrings. ## transcrypt & git-crypt transcrypt & git-crypt are tools that enable transparent encryption and decryption of files in a Git repository. If installed, you can use either of these tools with your yadm repository. Simply use it normally, prefacing the `transcrypt` or `git-crypt` commands with `yadm`. Learn more about these tools here: * [transcrypt](https://github.com/elasticdog/transcrypt) * [git-crypt](https://github.com/AGWA/git-crypt)