Skip to content
Browse files

Merge branch 'imrejonk-doc-git-crypt'

  • Loading branch information...
drybjed committed Sep 4, 2019
2 parents 7a79b16 + cae9527 commit 15c8963dd8248df35a12baec6c6216957e08a612
Showing with 22 additions and 0 deletions.
  1. +3 −0 CHANGELOG.rst
  2. +10 −0 INSTALL.rst
  3. +9 −0 bin/debops-init
@@ -34,6 +34,9 @@ General
development; production code should be put in the :file:`ansible/roles/`
and the :file:`ansible/playbooks/` directories respectively.

- The :command:`debops-init` script now also creates the .gitattributes file
for use with :command:`git-crypt`. It is commented out by default.

:ref:`debops.apt_install` role

@@ -226,6 +226,16 @@ Additional, useful software

.. __:

You can use :command:`git-crypt` to transparently encrypt files in the
:file:`secret/` directory when committing to a Git repository. Unlike
``EncFS``, the files are not encrypted on your local hard disk, and the path
names are not encrypted at all. The excellent 'Using git-crypt' section on
the website or in the `man page`__ will get you started.

.. __:
.. __:

This command is used to generate unique UUID strings for hosts which are then
stored as Ansible facts. On Debian, it's available in the ``uuid-runtime``
@@ -70,6 +70,12 @@ retry_files_enabled = False
;ssh_args = -o ControlMaster=auto -o ControlPersist=60s

# Uncomment the lines below to encrypt your secrets with git-crypt
#ansible/{SECRET_NAME}/** filter=git-crypt diff=git-crypt
#{SECRET_NAME}/** filter=git-crypt diff=git-crypt

@@ -162,6 +168,9 @@ def write_config_files(project_root):
# Create .debops.cfg
write_file(os.path.join(project_root, DEBOPS_CONFIG),
# Create .gitattributes
write_file(os.path.join(project_root, '.gitattributes'),
# Create .gitignore
write_file(os.path.join(project_root, '.gitignore'),

0 comments on commit 15c8963

Please sign in to comment.
You can’t perform that action at this time.