4

I am using git as version control for a lot of my projects which apart from source code have a number of reports and sensitive documents.

All my repos are currently private but I wish to make some of them public. As mentioned above, I wish to hide some of the files (or maybe directories) from the public. Is that even possible? If not, is there a better way of doing this?

3
  • Git stores repository state as a single unit (the commit). It is not possible to hide a part of a commit. Commented Mar 2, 2013 at 21:51
  • Here is an interesting answer on SO that makes use of two repos (public and private portions), but links them locally: stackoverflow.com/a/62213595/5411817. Another answer in same Q suggests using a .gitignore file, though that likely won't be helpful for your own references! Also, .gitignore would not remove files already committed from the history. There is a good post on how to remove specific files from the entire git history, if anyone is interested, I can try to find that post again. Commented Dec 1, 2021 at 18:54
  • You can use some tools like gitexporter to automatically export files from commit history to another open repository.
    – pahaz
    Commented Jan 8, 2022 at 19:23

2 Answers

1

Hiding specific information in a git repository is not one of the things it's designed for. AFAIK it is also not possible. One approach that might work, though I have never tried this, is to have a public and a private git repo, and have the private repo be a git submodule for the public one. This might be more hassle than it's worth though, and might be confusing at points causing you to put private data in the public repo. So perhaps you should just have two completely separate repos.

6
  • Ok cool. If it's not possible; then well it's not possible. Thanks.
    – p0lAris
    Commented Mar 2, 2013 at 21:56
  • Ok. So I'll have private repos — but say for example I change some files in private that are also part of public — how would I commit changes to both the public and private repos together?
    – p0lAris
    Commented Mar 2, 2013 at 22:00
  • It would be odd to have dependencies going from the public repo to the private repo. If people can't use certain parts of the public one without having access to the private one, there is little point in having these be public no? I'd try to keep all dependencies in the other direction. At least that is my reaction as software developer, though I suspect this applies just as well to documents in general. Commented Mar 2, 2013 at 22:03
  • @flippex17: You can't do that. If you think about it, what could it possibly do with the commit message? Commented Mar 2, 2013 at 22:06
  • 1
    What I have done (it isn't exactly what you ask for, though; git is built for sharing, not hiding) is to have some private branches that aren't shared on which I keep files not for public consumption.
    – vonbrand
    Commented Mar 2, 2013 at 23:12
1

It should be possible by encrypting the files: https://git-secret.io/

Why does encrypting files help:

How does git-secret solve these problems? git-secret encrypts files and stores them inside the git repository, so you will have all the changes for every commit.

Files which are encrypted with public keys cannot be read by other parties which do not have access to the private keys, so they can be safely uploaded to a public repository.*

git-secret is a bash tool to store your private data inside a git repo. How’s that? Basically, it just encrypts, using gpg, the tracked files with the public keys of all the users that you trust.

The tool provides a way to encrypt/decrypt files with multiple public keys (from diff. people).

usage instruction from the git-secret page:

Usage: Setting up git-secret in a repository

These steps cover the basic process of using git-secret:

Before starting, make sure you have created gpg RSA key-pair: public and secret key identified by your email address.

Begin with an existing or new git repository. You’ll use the ‘git secret’ commands to add the keyrings and information to make the git-secret hide and reveal files in this repository.

Initialize the git-secret repository by running git secret init command. The .gitsecret/ folder will be created. Note that all the contents of the .gitsecret/ folder should be checked in, /except/ the random_seed file. In other words, of the files in .gitsecret, only the random_seed file should be mentioned in your .gitignore file.

Add the first user to the git-secret repo keyring by running git secret tell [email protected].

Now it’s time to add files you wish to encrypt inside the git-secret repository. It can be done by running git secret add command. Make sure these files are ignored by mentions in .gitignore, otherwise git-secret won’t allow you to add them, as these files could be stored unencrypted.

When done, run git secret hide to encrypt all files which you have added by the git secret add command. The data will be encrypted with the public-keys described by the git secret tell command. After using git secret hide to encrypt your data, it is safe to commit your changes. NOTE: It’s recommended to add git secret hide command to your pre-commit hook, so you won’t miss any changes.

Later you can decrypt files with the git secret reveal command, or just show their contents to stdout with the git secret cat command. If you used a password on your GPG key (always recommended), it will ask you for your password. And you’re done!

* Quantum computing may change this in the future.

1
  • Explaining HOW this tool can solve OPs problem will make this a better answer. Right now this is more of a comment. Commented Mar 5, 2019 at 22:40
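
The answer above requires plaintext files to be listed in .gitignore, and an earlier comment points out that .gitignore does not remove files already committed from the history; both can be checked before a repository is made public. The script below is an added example, not part of the original posts or of git-secret. It uses only stock git commands, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a repository before switching it to public.
# Pass the paths you treat as sensitive; nothing here calls git-secret or gpg.

# Print every commit, on any ref, that touched PATH.
commits_touching() {   # usage: commits_touching REPO PATH
    git -C "$1" rev-list --all -- "$2"
}

# Succeeds if PATH is currently tracked (present in the index).
is_tracked() {         # usage: is_tracked REPO PATH
    git -C "$1" ls-files --error-unmatch -- "$2" >/dev/null 2>&1
}

# Succeeds if an ignore rule covers PATH. --no-index tests the rule itself,
# so a file that is still tracked does not mask a missing rule.
is_ignored() {         # usage: is_ignored REPO PATH
    git -C "$1" check-ignore -q --no-index -- "$2"
}

# Returns 0 only if every path is ignored, untracked and absent from history.
prepublish_check() {   # usage: prepublish_check REPO PATH...
    _repo=$1; shift
    rc=0
    for p in "$@"; do
        if ! is_ignored "$_repo" "$p"; then
            echo "NOT IGNORED: $p"; rc=1
        fi
        if is_tracked "$_repo" "$p"; then
            echo "TRACKED IN PLAINTEXT: $p"; rc=1
        fi
        n=$(commits_touching "$_repo" "$p" | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            echo "IN HISTORY ($n commits): $p"; rc=1
        fi
    done
    return $rc
}
```

A path reported as IN HISTORY stays readable to anyone who clones the repository, even after it has been ignored and untracked, so it has to be removed from the history or the public repository started fresh.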
