Encrypted configuration
This repo contains secrets stored with git-crypt. These need decrypting before use. You need to have your GPG key added to this repo before you are able to do this.
-
Ask the person to export their GPG public key like this:
gpg --armor --export alice@cyb.org
-
Once you receive the file, save it on your disk e.g. /tmp/alice.asc
-
Import it into your GPG keyring:
gpg --import /tmp/alice.asc
-
Tell GPG that you trust the key and sign it:
gpg --edit-key "alice@cyb.org" trust
# 4
# save
# quit
gpg --edit-key "alice@cyb.org" sign
# you will need to type your own passphrase
# save
-
Confirm that '[ full ]' is shown when you list it:
gpg --list-keys
pub   rsa4096 2015-02-05 [SC]
      17818CFB47FFFC384F0CC
uid           [ full ] alice <alice@cyb.org>
sub   rsa4096 2015-02-05 [E]
-
In this repo, make sure you're on the master branch, with no outstanding changes, and add the key to the .git-crypt directory:
cd analytics-platform-config
git status
git-crypt add-gpg-user alice@cyb.org
-
The change is already committed, so simply:
git push
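A scripted version of the '[ full ]' check above, added here as an example (it is not part of this repo or of git-crypt). The hypothetical helper `check_key` parses gpg's colon-delimited listing and also compares the fingerprint with one obtained from the key owner over a separate channel; the sample listings and fingerprint are constructed.

```shell
#!/bin/sh
# check_key EMAIL EXPECTED_FPR  (hypothetical helper, not a gpg or git-crypt command)
# Reads `gpg --with-colons --fingerprint --list-keys` output on stdin and succeeds
# only if the key with primary fingerprint EXPECTED_FPR carries a uid for EMAIL
# whose validity field is f (full) or u (ultimate).
check_key() {
    awk -F: -v email="$1" -v want="$2" '
        BEGIN { want = toupper(want); gsub(/ /, "", want) }   # accept spaced or lowercase input
        $1 == "pub" { primary = 1; in_key = 0 }               # a new key block starts
        $1 == "fpr" && primary { in_key = ($10 == want); primary = 0 }  # first fpr is the primary key
        $1 == "uid" && in_key && index($10, "<" email ">") && ($2 == "f" || $2 == "u") { ok = 1 }
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed sample listings (not real keys). Field 2 of the uid record is the validity.
SAMPLE_FPR='0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_SIGNED='pub:f:4096:1:89ABCDEF01234567:1423094400:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:f::::1423094400::0000000000000000000000000000000000000000::alice <alice@cyb.org>::::::::::0:
sub:f:4096:1:76543210FEDCBA98:1423094400::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
# The same key straight after `gpg --import`, before it has been signed: validity is "-".
SAMPLE_UNSIGNED=$(printf '%s\n' "$SAMPLE_SIGNED" |
    sed -e 's/^pub:f:/pub:-:/' -e 's/^uid:f:/uid:-:/' -e 's/^sub:f:/sub:-:/')

report() {
    if printf '%s\n' "$2" | check_key alice@cyb.org "$SAMPLE_FPR"; then
        echo "$1: ok to run git-crypt add-gpg-user"
    else
        echo "$1: refuse, key is not fully valid or the fingerprint differs"
    fi
}
report signed "$SAMPLE_SIGNED"
report unsigned "$SAMPLE_UNSIGNED"

# Against a real keyring (FPR is the fingerprint the key owner gave you):
#   gpg --with-colons --fingerprint --list-keys alice@cyb.org | check_key alice@cyb.org "$FPR"
```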
-
Get your gpg key added to this repo - see above.
-
Install git-crypt. On macOS:
brew install git-crypt
-
Get the commit in which your GPG key was added:
cd data-science-sandbox-infrastucture
git pull
-
Decrypt the files:
git-crypt unlock
If this fails, it might be because your gpg key requires a pass-phrase, but there is a problem with the pinentry-program. Check your gpg-agent daemon. I had to correct ~/.gnupg/gpg-agent.conf to point to the correct pinentry binary, then killed the gpg-agent process and restarted it with:
gpg-agent --daemon /bin/sh