Re: git-secret - store your private data inside a repository

On Mon, Mar 14, 2016 at 10:22:43AM +0300, Никита Соболев wrote: > Robin, thank you for interest. > > I have not seen 'pwstore' before, but I don't like the idea to store > headers inside the file. As it might break things. But I love the idea > of groups and access rights. It is a direction I

Re: git-secret - store your private data inside a repository

Robin, thank you for interest. I have not seen 'pwstore' before, but I don't like the idea to store headers inside the file. As it might break things. But I love the idea of groups and access rights. It is a direction I would like to follow. Also I like your suggestion about the key's white-list.

Re: git-secret - store your private data inside a repository

Have you seen the much older pwstore tool? https://github.com/formorer/pwstore It does have some notable features missing from git-secret and similar tools to this day. - Whitelist of trusted keys to detect addition of unexpected keys. - Specify what users/groups have access to any given file

git-secret - store your private data inside a repository

There’s a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them