问题
Is there any way (in built or add-on) to encrypt individual files in a repository, accessible by limited people. Files when checked in by those folks will auto encrypt and decrypt when checked out. They will stay encrypted if tried to be accessed by other people.
回答1:
I know my answer is late but there is plenty of alternatives for storing secrets in git repos:
- Git-crypt
- BlackBox
- SOPS
- Transcrypt
Most of them use GNU Privacy Guard (GPG), symmetric key encryption, and/or cloud key services (SOPS). If you just want a simple encryption mechanism with password you can also take a look at ansible vault, which doesn't require generating keys for each account.
回答2:
Maybe Blackbox helps?
From their website (https://github.com/StackExchange/blackbox):
Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or Perforce). These commands make it easy for you to Gnu Privacy Guard (GPG) encrypt specific files in a repo so they are "encrypted at rest" in your repository. However, the scripts make it easy to decrypt them when you need to view or edit them, and decrypt them for use in production. Originally written for Puppet, BlackBox now works with any Git or Mercurial repository.
...
Rather than one GPG passphrase for all the files, each person with access has their own GPG keys in the system. Any file can be decrypted by anyone with their GPG key. This way, if one person leaves the company, you don't have to communicate a new password to everyone with access. Simply disable the one key that should no longer have access. The process for doing this is as easy as running 2 commands (1 to disable their key, 1 to re-encrypt all files.)
来源:https://stackoverflow.com/questions/48330742/file-encryption-in-git-repository