secure-git-template

opinionated private repo bootstrap with one command setup

   

Table Of Contents

• About
• Install
• Usage
• Requirements
• Contact

---

About

• problem - private repos drift into inconsistent local setup and weak guardrails
• solution - force one install path and one setup command with hooks + identity + encryption
• summary - clone, run command, store key, commit, push

---

Install

brew tap vdutts7/tap && brew install shelllock git-crypt git-lfs && git lfs install && \
git clone <your-repo-url> && cd <your-repo-dir> && \
./.hooks/scripts/setup.sh --remote "<your-remote-url>" --name "<git-name>" --email "<git-email>" --pseudo-encrypt-commits --git-crypt --key-output "$HOME/Downloads/git-crypt-key" && \
open "$HOME/Downloads" && rm "$HOME/Downloads/git-crypt-key" && \
git add . && git commit -m "initial setup" && git push -u origin main

---

Usage

.hooks/scripts/setup.sh --remote "<your-remote-url>" --name "<git-name>" --email "<git-email>" --pseudo-encrypt-commits --git-crypt --key-output "$HOME/Downloads/git-crypt-key"

Arg	Purpose
--remote	set or replace origin
--name	set repo-local user.name in .git/config
--email	set repo-local user.email in .git/config
--pseudo-encrypt-commits	obfuscate commit messages as .. and log originals to .commits.jsonl
--git-crypt	initialize git-crypt and activate .gitattributes encryption rule
--key-output	export git-crypt key file

Examples:

# full setup
./.hooks/scripts/setup.sh --remote "git@github.com:owner/repo.git" --name "your-name" --email "your-email@example.com" --pseudo-encrypt-commits --git-crypt --key-output "$HOME/Downloads/git-crypt-key"

# first push
git add . && git commit -m "initial setup" && git push -u origin main

---

Requirements

• shelllock
• git-crypt
• git-lfs

---

Contact