Browse Source

post on git-gcrypt

Vincent Truchseß 3 months ago
3 changed files with 75 additions and 2 deletions
  1. 2
  2. 71
  3. 2

+ 2
- 1
css/default.css View File

@@ -45,6 +45,7 @@ footer {
bottom: 0;
height: 16px;
line-height: 16px;
background-color: inherit;

p {
@@ -145,7 +146,7 @@ article .header {

@media (min-width: 860px) {
@media (min-width: 950px) {
body {
width: 75%;
max-width: 110rem;

+ 71
- 0
posts/ View File

@@ -0,0 +1,71 @@
author: Vi
title: Encrypted Git remotes with git-remote-gcrypt

## The Problem

The problem I was facing lately was quite simple.
I use [vimwiki]( to keep my notes organized.
Now, I want to synchronize my notes with other devices, having them available
wherever I might need them. Since **vimWiki** stores plaintext files in a
folder, that sounds like a perfect job for **git**.
Now, I like to have my git-repos accessible from the
internet. That leaves me with the problem of storing my personal notes in
plaintext on a server in someone else's datacenter.

## The Solution

Searching allover the internet for a solution that doesn't involve some extra
sync-client (like a VeraCrypt-Container in a dropbox) and that doesn't break the
ability to cleanly solve conflicts between edits on different devices I found
This nice little tool let's you have pgp-encrypted git-remotes, which was exactly
what I was looking for.

### Installation

On Arch-Linux there is an AUR-package available, so no further explanation
On other systems, just use the supplied `` -script as mentioned in the
project's readme. Since it's written in `POSIX` -shell it should run on every
modern OS without problems.

### Usage

#### Setting up an encrypted remote

To add a git-remote as an encrypted one, just prefix it's git-uri with
`gcrypt::`, like this:

git remote add <remote> gcrypt::ssh://user@server.tld:secrets

#### Setting up keys

In order for `gcrypt` to properly encrypt your data you should configure the
proper keys in the local repository's config. Here is an example:

git config remote.remotename.<remote>.gcrypt-participate "key1 key2"

This will make gcrypt encrypt the remote for the keys `key1` and `key2`.

### A word of warning

Since every push on the remote is effectively a force-push, make sure to always
pull before you push!

Using a plain git-uri (like GitHub or similar do) to push-access your repository
effectively transfers the whole repository-content on every push. For larger
repo, consider to choose a server that supports rsync-transfer or similar.

## First Impressions

I have been playing around with this tool for quite some time now, testing
different use-cases. It definitely has it's place on my toolbelt now.


+ 2
- 1 View File

@@ -12,6 +12,7 @@ USER="blog"
PASSWD="$(pass internet/"

# Setup Paths, Filenames and urls
@@ -26,7 +27,7 @@ cp "$DRAFT" "$POSTS_DIR"/"$TARGET".md

# Posting title and link to article in fediverse-instance, getting status-url as response
TITLE="$(grep title: "$DRAFT" | sed -E 's/^.+:\s*//' | sed -E 's/\s*$//')"
STATUS_URL="$(curl -u $USER:$PASSWD --data status="$TEXT" -X POST $REQUEST_URL | jq -r .url)"