encrypt alternate names #52
Comments
|
Your interpretation is correct. This is a new feature beginning with version 1.07. However, I think I see a bug where "globs" are not expanded within the Can you confirm that you are using wildcards inside your As a temporary work-around, I think you should be able to specify each file individually within |
|
@TheLocehiliosan Edit: Correction. This indeed does appear to be a globbing issue. Specifying files verbatim in In thinking about this, I just realized that I do not think symlinks are correct for encrypted files anyway - if there is an encrypted file for the host, it should decrypt it as the name it would normally be symlinked to, and leave all other files that don't belong on that class/os/host/user still encrypted. This can be illustrated with a repository consisting of multiple machines' dot files, including their SSH private keys. Raw private keys should never find their way to another machine, so they remain encrypted unless the pattern matches and the machine has the proper GPG private key/password to decrypt it to the original filename without the ##suffix. To repeat: I do not think symlinks should be created for encrypted files, because that implies the decrypted file for all patterns are available. Instead, only decrypt the files having patterns matching this machine/user/etc - all other files remain encrypted until decrypted on the correct machine/user/etc. |
|
Specifying the files directly does currently work. I do believe the globbing issue needs to be fixed. Actually, I've already written a fix, but that fix uncovered another bug (#53), that globs for paths which contain spaces is not properly supported either. The reason I haven't noticed this myself is that I do not actually use symlinked alternates for my keys, and my test cases did not use any wildcard globs. I've read your suggestions about decrypting relevant files only on matching hosts, and then renaming instead of linking. I will think about these ideas some more, but initially I don't think that's the right direction for yadm. Most of my reservations come from the problems that arise during the encryption process itself. I strongly believe I should be able to decrypt an archive, update some of the data, and then encrypt the archive again—from any machine—just as I can change the unencrypted data from any machine. I'm not sure how to achieve that goal alongside your suggestion. If not all of the data is decrypted, how does a new archive get created? Again, I'll continue to think more about it. If you can explain your use-case a bit more, I might be able to suggest an alternate way to handle your situation. For example, I have users who have more than one encrypted archive. You can override the what file is used as an archive with |
|
You raise valid concerns with my idea. My use-case is simple. It is common security practice for private keys to belong only on the host they were created for. Decrypting all files would break this. This is the only reason I wanted the ability to never decrypt files that don't belong on a host. Perhaps an optional parameter to decrypt would suffice. I'll have to think some more. |
|
If you intend on creating keys that only exist on a single host, my suggestion is leave them out of your dotfiles repo. It probably makes sense to add the public keys to |
|
Ok, thanks for the ideas. |
I gathered from this that symlinks would be created upon
yadm decrypt:But appending
##Linux.host1to my ~/.ssh keys and adding them to the ~/.yadm/encrypt file does nothing upon decrypting. What exactly does the above quote mean wrt toencryptand symlinks?The text was updated successfully, but these errors were encountered: