To store passwords in Git you need to be able to encrypt and decrypt them. You can do that with the GPG tool, used together with git-secret. Both tools are available for a variety of platforms. See the instructions below on how to install the tooling and, at the very end, how to use it to store passwords in Git in a safe, encrypted manner.

Install git-secret (Debian / Ubuntu)

To install git-secret in your environment, you need to run the installation commands for your operating system. Instructions are available for Windows, Mac, Debian and Fedora/CentOS. For Ubuntu, it looks as follows:

sudo sh -c "echo 'deb https://gitsecret.jfrog.io/artifactory/git-secret-deb git-secret main' >> /etc/apt/sources.list"
wget -qO - 'https://gitsecret.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -
sudo apt-get update && sudo apt-get install -y git-secret

# Verify that the installation worked:
git secret --version

For installing git-secret on Fedora/CentOS, Mac or Windows, see more examples at: https://git-secret.io/installation

Install PGP

Installing PGP is heavily platform dependent.

For Windows, you would go to: https://www.gpg4win.org/

For Mac: https://www.gpgtools.org/

For Ubuntu:

$ sudo apt-get install gnupg
$ sudo apt-get install rng-tools
$ sudo sed -i -e 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/urandom|' /etc/default/rng-tools
$ sudo service rng-tools start

Note that the last two steps in the Ubuntu installation notes above allow you to generate some of the randomness required to generate a key, which is what we’re going to do next.

To generate a key pair, use one of the following commands:

gpg --full-generate-key   # advanced mode
gpg --gen-key             # basic mode

To list all the public keys in your keyring, run:

gpg --list-keys

To encrypt a file, use the following syntax:

gpg -e my-secrets-myname.txt      # encrypt to binary
gpg -a -e my-secrets-myname.txt   # encrypt to ASCII

You can also use the -r flag to pass the recipient directly: gpg -a -e -r bob@bob.com my-secrets-myname.txt. After encryption you can delete the unencrypted file. You will be able to retrieve its contents by decrypting the .asc or .gpg file.

To decrypt a file, you use:

gpg my-secrets-myname.txt.asc   # or .gpg

See more at: https://nsrc.org/workshops/2014/sanog23-security/raw-attachment/wiki/Agenda/2-1-1.pgp-lab.html
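
Deleting the unencrypted file after encryption is the step that is easiest to forget before a commit. The following check is an added example, not part of the original post: the function name check_secrets and its output labels are hypothetical, and it assumes encrypted files keep the .asc / .gpg suffix that gpg appends.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_secrets DIR
#   Prints "PLAINTEXT <path>" for every file that still sits next to its
#   encrypted copy (<path>.asc or <path>.gpg), and "NOT-ARMORED <path>" for
#   every .asc file that does not start with the OpenPGP ASCII-armor header
#   written by "gpg -a -e". Returns 1 if anything was reported, 0 otherwise.
check_secrets() {
    cs_dir=$1
    cs_status=0
    # Collect encrypted files, skipping Git's own metadata directory.
    cs_list=$(find "$cs_dir" -path "$cs_dir/.git" -prune -o \
        -type f \( -name '*.asc' -o -name '*.gpg' \) -print | sort)
    while IFS= read -r cs_enc; do
        [ -n "$cs_enc" ] || continue
        cs_plain=${cs_enc%.*}    # strip the .asc / .gpg suffix
        if [ -f "$cs_plain" ]; then
            # The unencrypted original was never deleted.
            printf 'PLAINTEXT %s\n' "$cs_plain"
            cs_status=1
        fi
        case $cs_enc in
            *.asc)
                # A real armored file begins with this exact header line.
                cs_first=$(head -n 1 "$cs_enc")
                if [ "$cs_first" != "-----BEGIN PGP MESSAGE-----" ]; then
                    printf 'NOT-ARMORED %s\n' "$cs_enc"
                    cs_status=1
                fi
                ;;
        esac
    done <<EOF
$cs_list
EOF
    return "$cs_status"
}
```

Calling check_secrets . from a Git pre-commit hook and aborting on a non-zero return stops the commit while plaintext is still in the working tree.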

Storing passwords in Git
