To store passwords in GIT you need to be able to encrypt and decrypt the password. You can do that using GPG tool. Both tools are available for a variety of platforms. See the instruction below on how to install the tooling and at the very end how to use them to store password in GIT safe encrypted manner.
Install git-secret (Debian / Ubuntu)
To install git-secret in your environment, you need to run dedicated system based command. Windows / Mac / Debian and Fedora/CentOS instruction are available. For Ubuntu, it would look as fallow:
sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list" wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add - sudo apt-get update && sudo apt-get install -y git-secret # Testing, that it worked: git secret --version
For installation on installing git-secret on Fedora/CentOS, Mac or Windows, see more examples at: https://git-secret.io/installation
Installing PHP is heavily platform dependent.
For Windows, you would go to: https://www.gpg4win.org/
For Mac: https://www.gpgtools.org/
$ sudo apt-get install gnupg $ sudo apt-get install rng-tools $ sudo sed -i -e 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/urandom|' /etc/default/rng-tools $ sudo service rng-tools start
Note that the last two steps in the Ubuntu installation notes above allow you to generate some randomness required to generate a key which is what we’re going to do next.
To generate a key pair, use one of the fallowing command:
gpg --full-generate-key // advance mode
gpg --gen-key // basic mode
To list all your public key in keyring run:
To encrypt a file use the fallowing syntax:
gpg -e my-secrets-myname.txt // encrypt to binary
gpg -a -e my-secrets-myname.txt // encrypt to ASCII
you could also use
-r flag to pass the recipient directly:
gpg -a -e -r email@example.com my-secrets-myname.txt. After encryption you can delete the unencrypted file. You will be able to retrieve the file when decrypting a .asc or .gpg file.
To decrypt a file, you use:
gpg my-secrets-myname.txt.asc // or .gpg
see more at: https://nsrc.org/workshops/2014/sanog23-security/raw-attachment/wiki/Agenda/2-1-1.pgp-lab.html