git-crypt #48

@arcticicestudio

Epic: #33
Depends on #35 #49

Integrate git-crypt into the repository to allow encrypting specific files using GPG.
git-crypt is a stable and production-proven concept that works safely and allows transparent encryption with Git.

snowsaw will use it to encrypt files containing sensitive data like deployment, API or any other kind of secret keys. Another way would be to use Circle CI's environment variables feature to make sensitive data available during build time, but using git-crypt ensures that all required project data is stored in the repository and tracked by Git without the need to manually configure CI/CD providers and servers.

Integration Steps

  1. Add files to .gitattributes and configure filter and diff to use the git-crypt setup
  2. Initialize git-crypt for the repository: git-crypt init (default key)
  3. Add the GPG keys of all core team members and the CI/CD virtual user: git-crypt add-gpg-user --trusted --no-commit <ID> (the --no-commit flag prevents the automatic commit of generated files, while --trusted assumes the GPG user IDs are trusted)
  4. Commit the newly generated .git-crypt folder
  5. Unlock the repository: git-crypt unlock
  6. Ensure all target files are tracked to be encrypted: git-crypt status
  7. Commit all encrypted target files (nothing to commit yet)
  8. Validate that the encryption works by locking the repository again: git-crypt lock
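An independent check that complements steps 6 and 8, as an added example that is not part of the original issue or the snowsaw repository: it lists every staged path whose .gitattributes filter is git-crypt but whose blob in the Git index lacks the `\0GITCRYPT\0` header that git-crypt ciphertext starts with. The function names are hypothetical, and it needs only git, not git-crypt or a GPG key.

```shell
#!/bin/sh
# Added example: audit that paths marked filter=git-crypt are stored encrypted.
# git-crypt ciphertext begins with the 10 bytes \0GITCRYPT\0 (hex below).
GITCRYPT_MAGIC_HEX="00474954435259505400"

# Succeeds if the data on stdin starts with the git-crypt header.
is_git_crypt_blob() {
  head_hex=$(head -c 10 | od -An -tx1 | tr -d ' \n')
  [ "$head_hex" = "$GITCRYPT_MAGIC_HEX" ]
}

# Prints each staged path in repository $1 that is marked filter=git-crypt
# but whose index blob is plaintext, e.g. a file added before the filter
# was configured. Reads the index, so it works while locked or unlocked.
# Assumes path names without newlines or characters that git quotes.
find_plaintext_secrets() {
  repo=$1
  git -C "$repo" ls-files | while IFS= read -r path; do
    case "$(git -C "$repo" check-attr filter -- "$path")" in
      *": filter: git-crypt") ;;   # covered by .gitattributes, inspect it
      *) continue ;;               # not a git-crypt target
    esac
    git -C "$repo" cat-file blob ":$path" | is_git_crypt_blob \
      || printf '%s\n' "$path"
  done
}

# Returns non-zero (and reports on stderr) if any target is stored unencrypted.
audit_git_crypt() {
  leaked=$(find_plaintext_secrets "$1")
  [ -z "$leaked" ] || {
    printf 'stored unencrypted:\n%s\n' "$leaked" >&2
    return 1
  }
}
```

Running `audit_git_crypt .` from the repository root before pushing, or as a CI step, catches a target file that was staged without passing through the git-crypt filter.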
