# git-secret-docker

Dockerfile and instructions for running git-secret in docker. Mainly used on Windows, to work around git-secret not working natively on it.
## Prerequisites

A private GNU Privacy Guard key generated on your local system. Here's a guide on Generating a new GPG key, if you haven't done that already.

FYI: On Windows, Git Bash already contains the `gpg` command line tool.

You'll need to clone this repo and export your private gnupg key into it, so that it can be imported during `docker build`.

```sh
git clone https://github.com/WalterMeier/git-secret-docker.git
cd git-secret-docker
gpg --export-secret-key -a <email> > private.key
```

`private.key` is already in `.gitignore`.
Even though the image has `gpg` included and available at runtime, generating the gnupg key in a container is a difficult task. Multiple variables come into play when `gpg` is running `gpg-agent` and collecting random entropy, which are linked to how the container is launched and in what kind of environment the `docker` daemon is running. Hence this export/import solution.
## Build

If you've done the previously mentioned gnupg key export, this next part is simple. Just run the following.

```sh
docker build -t git-secret .
```

Or alternatively, you can specify which git-secret version you want during build.

```sh
docker build --build-arg GIT_SECRET_VERSION=0.2.3 -t git-secret .
```

The resulting image will be used by all the other scripts, described in the Usage section.
## Usage

The `exec` directory contains the executable wrapper script(s) that let you use your newly created image in a way similar to how you would use `git secret <arg>` commands if you had git-secret installed locally. Just add this directory to your `PATH`, and start using them.

The following is an explanation of how these scripts work.

### git-secret

Execute git-secret commands in your current working directory.

```sh
cd /path/to/repo/with/secrets
git-secret init
git-secret tell <my-email>
git-secret whoknows
# etc
```

In a nutshell, this `git-secret` script just mounts the current directory to the `git-secret` container and runs the `git secret <args>` command against it.
### git-secret addperson

As stated in the git-secret-tell documentation, to add another user to the git-secret enabled repo, you will need their public key already imported in gpg before git-secret can use it. In this case it means that you'll first need to import the public key in the container's `gpg`, before git-secret can use it.

The `git-secret` script has been extended with the `addperson` command, to make this importing process easier. It requires two arguments:

- The public gnupg key of the person you wish to add, exported in ASCII-armored form: `gpg --export --armor <email> > public.key`
- The email associated with said public key

```sh
git-secret addperson /path/to/public.key <email>
```

In a nutshell, this `git-secret addperson` script pipes the public key into the container, where `gpg --import` receives it. After that the `git secret tell <email>` command is executed.

Note: `git-secret killperson <email>` shows a `gpg` error, however it doesn't affect the functionality and still removes the person from the `pubring`.
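To make the two mechanisms above concrete (the plain `git secret <args>` pass-through and `addperson`), here is an added example of a minimal POSIX sh wrapper in the same spirit; it is not the repo's own `exec/git-secret` script. It assumes the image is tagged `git-secret`, that the repo is mounted at `/repo` inside the container, and a `DOCKER` override so the constructed command line can be inspected without Docker installed; it also checks that the file handed to `addperson` really is an armored public key and not a private one.

```shell
#!/usr/bin/env sh
# Added example wrapper, not the repo's exec/git-secret script.
# Assumptions: image tag "git-secret", repo mounted at /repo, and $DOCKER
# overridable (e.g. DOCKER=echo) so the command line can be inspected.
IMAGE="${GIT_SECRET_IMAGE:-git-secret}"
DOCKER="${DOCKER:-docker}"

# Plain "git secret <args>": mount the current directory and run against it.
# On Git Bash, MSYS path conversion may rewrite "/repo"; MSYS_NO_PATHCONV=1 disables it.
git_secret_run() {
  MSYS_NO_PATHCONV=1 "$DOCKER" run --rm -i \
    -v "$PWD:/repo" -w /repo "$IMAGE" git secret "$@"
}

# addperson <public.key> <email>: pipe an ASCII-armored public key into the
# container's gpg, then run "git secret tell <email>" in the same container.
addperson() {
  key_file="$1"; email="$2"
  [ -n "$key_file" ] && [ -n "$email" ] || { echo "usage: git-secret addperson <public.key> <email>" >&2; return 1; }
  [ -r "$key_file" ] || { echo "cannot read $key_file" >&2; return 1; }
  # Only accept an armored *public* key; refuse a file that carries a private key.
  grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$key_file" \
    || { echo "$key_file is not an ASCII-armored public key (use: gpg --export --armor <email>)" >&2; return 1; }
  if grep -q -- 'PRIVATE KEY BLOCK' "$key_file"; then
    echo "refusing $key_file: it contains a private key" >&2; return 1
  fi
  MSYS_NO_PATHCONV=1 "$DOCKER" run --rm -i \
    -v "$PWD:/repo" -w /repo "$IMAGE" \
    sh -c 'gpg --import && git secret tell "$1"' _ "$email" < "$key_file"
}

# Dispatch: "addperson" is handled here, everything else goes to git secret.
dispatch() {
  case "$1" in
    addperson) shift; addperson "$@" ;;
    *) git_secret_run "$@" ;;
  esac
}

if [ $# -gt 0 ]; then dispatch "$@"; fi
```

Save it as `git-secret` somewhere on your `PATH` and call it exactly like the commands shown above.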
## Why docker?

The main reason is Windows. git-secret currently doesn't have Windows support, but this solution can be run on any system as long as it has docker, including Windows. While this windows support thread states that people have got it to work with cygwin and WSL, that means that you also need one of those systems as a dependency. The dockerized solution in this repo is aimed at people who already have docker and don't want to install other dependencies.