Merge branch 'imrejonk-doc-git-crypt'

drybjed committed Sep 4, 2019
2 parents 7a79b16 + cae9527 commit 15c8963dd8248df35a12baec6c6216957e08a612
Showing with 22 additions and 0 deletions.
  1. +3 −0 CHANGELOG.rst
  2. +10 −0 INSTALL.rst
  3. +9 −0 bin/debops-init
@@ -34,6 +34,9 @@ General
development; production code should be put in the :file:`ansible/roles/`
and the :file:`ansible/playbooks/` directories respectively.

- The :command:`debops-init` script now also creates the .gitattributes file
for use with :command:`git-crypt`. It is commented out by default.

:ref:`debops.apt_install` role
''''''''''''''''''''''''''''''
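Review bot: The new changelog entry writes .gitattributes as bare text, while the context lines directly above it mark paths up with the :file: role (for example :file:`ansible/roles/`); use :file:`.gitattributes` to match. "It is commented out by default" also reads as if the file itself were commented out. Wording such as "its git-crypt rules are commented out by default" states what the generated file actually contains.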

@@ -226,6 +226,16 @@ Additional, useful software

.. __: https://en.wikipedia.org/wiki/EncFS

`git-crypt`__
You can use :command:`git-crypt` to transparently encrypt files in the
:file:`secret/` directory when committing to a Git repository. Unlike
``EncFS``, the files are not encrypted on your local hard disk, and the path
names are not encrypted at all. The excellent 'Using git-crypt' section on
the website or in the `man page`__ will get you started.

.. __: https://www.agwa.name/projects/git-crypt/
.. __: https://manpages.debian.org/git-crypt.1

``uuidgen``
This command is used to generate unique UUID strings for hosts which are then
stored as Ansible facts. On Debian, it's available in the ``uuid-runtime``
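Review bot: The git-crypt paragraph added to INSTALL.rst never mentions the .gitattributes file that debops-init generates in this same commit, or that its rules ship commented out, so a reader who follows only this text has no pointer to the step that actually enables encryption for :file:`secret/`. Add a sentence saying the generated rules must be uncommented before any secrets are committed, since until then the files go into the repository unencrypted.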
@@ -70,6 +70,12 @@ retry_files_enabled = False
;ssh_args = -o ControlMaster=auto -o ControlPersist=60s
"""

DEFAULT_GITATTRIBUTES = """
# Uncomment the lines below to encrypt your secrets with git-crypt
#ansible/{SECRET_NAME}/** filter=git-crypt diff=git-crypt
#{SECRET_NAME}/** filter=git-crypt diff=git-crypt
"""

DEFAULT_GITIGNORE = r"""\
debops
ansible.cfg
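Review bot: DEFAULT_GITATTRIBUTES opens with a bare """ followed by a line break, so the generated .gitattributes starts with an empty line. Start the content on the opening line, or use a non-raw """\ continuation, so that the first line of the file is the "# Uncomment the lines below" comment. It would also help to say in that comment that both rules are meant to be enabled together, since one covers ansible/{SECRET_NAME}/ and the other {SECRET_NAME}/.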
@@ -162,6 +168,9 @@ def write_config_files(project_root):
# Create .debops.cfg
write_file(os.path.join(project_root, DEBOPS_CONFIG),
DEFAULT_DEBOPS_CONFIG)
# Create .gitattributes
write_file(os.path.join(project_root, '.gitattributes'),
DEFAULT_GITATTRIBUTES.format(SECRET_NAME=SECRET_NAME))
# Create .gitignore
write_file(os.path.join(project_root, '.gitignore'),
DEFAULT_GITIGNORE.format(SECRET_NAME=SECRET_NAME,
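Review bot: The .gitattributes write in write_config_files is unconditional, and what write_file does when the target already exists is not visible in this hunk. If debops-init can be run in a directory that is already a Git repository with its own .gitattributes, confirm that this call does not overwrite the user's existing rules, or skip the write when the file is present. A small style point: DEBOPS_CONFIG is a named constant while '.gitattributes' is a string literal here; a constant would keep the file name in one place.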
