Add list-gpg-usercommand to list all added users

[zhiboz]

Is it feasible to introduce a new command

git-crypt list-gpg-user 

to list all added gpg users? Are there alternatives to show that info with the existing implementation?

[AGWA]

Yeah, this is planned. For now, if you list the contents of the .git-crypt/keys/default/0/ directory you'll get the full GPG fingerprints of every authorized user.

[zhiboz]

Cool! Greatly appreciate your efforts!

[tachang]

They are the fingerprints and not the actual GPG keys?

[AGWA]

Yes, the filenames are the fingerprints, not the actual keys.

[tachang]

Gotcha. Is the .git-crypt directory actually encrypted as well? I don't see the need to encrypt it. Also wouldn't it make sense to store the public key as well? Or is it there and I am just missing it.

[AGWA]

The .git-crypt directory is not encrypted by git-crypt (in fact, git-crypt installs a .gitattributes file in .git-crypt to override any rules that might cause it to be encrypted inadvertently).

That said, each file inside .git-crypt is separately encrypted, by GPG, to the public key indicated by the fingerprint in the filename. This is what allows contributors to unlock the repository using their GPG private key.

It wouldn't make sense for git-crypt to store the GPG public key. That's what the GPG keyring is for. Given a fingerprint, you can export the public key from GPG with gpg --export.

[ghost]

I'm waiting for this feature, this's gonna be great! 👍

[Aslan]

👍 for this subcommand

[Constantin07]

+1 very useful feature to have

[GregSharpe1]

I found this awesome blog post! https://www.devopsgroup.com/2016/12/08/easy-git-crypt-user-identification/

[Constantin07]

Thanks @GregSharpe1. Nice article!

[jake-morgan]

Wow @GregSharpe1, that's exacly what I was looking for!!

[chribsen]

Just check the git log

git log .git-crypt/

[bentterp]

git log .git-crypt/keys/*/*/*.gpg

[sobi3ch]

Create git alias to make pseudo-command git crypt-users
Add this..

[alias]
	crypt-users = ! git log  .git-crypt/keys/*/*/*.gpg | egrep '\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,6}\\b'

to your ~/.gitconfig

UPDATE: new version

[alias]
	crypt-users = "! git log --format=full .git-crypt/keys/*/*/*.gpg | grep -E '^            .+' | sed 's/ *$//g' | awk '{gsub(/^[ \t]+/,\"\"); print $0 }'"

[jottr]

@AGWA is this still planned?
This feature would increase the UX and thus security by making it more transparent which users were granted access.

[AlexShmelev]

@AGWA Is there any updates on this issue ?

[ikegentz]

Create git alias to make pseudo-command git crypt-users Add this..

[alias]
	crypt-users = ! git log  .git-crypt/keys/*/*/*.gpg | egrep '\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,6}\\b'

to your ~/.gitconfig

UPDATE: new version

[alias]
	crypt-users = "! git log --format=full .git-crypt/keys/*/*/*.gpg | grep -E '^            .+' | sed 's/ *$//g' | awk '{gsub(/^[ \t]+/,\"\"); print $0 }'"

If anybody is looking for one that only lists the emails (that was what I needed anyways):

[alias]
        crypt-users = "! git log --format=full .git-crypt/keys/*/*/*.gpg | grep -E '^            .+' | sed 's/ *$//g' | awk '{gsub(/^[ \t]+/,\"\"); print $0 }' | awk 'NF>1{print $NF}' | sed 's/.//;s/.$//'"

Wow, this worked like a charm. Thank you!