git-annex/doc/special_remotes/gcrypt.mdwn

46 lines
1.9 KiB
Text
Raw Normal View History

2013-09-07 23:08:34 +00:00
[git-remote-gcrypt](https://github.com/blake2-ppc/git-remote-gcrypt/)
adds support for encrypted remotes to git. The git-annex gcrypt special
remote allows git-annex to also store its files in such repositories.
Naturally, git-annex encrypts the files it stores too, so everything
stored on the remote is encrypted.
2013-09-08 19:48:41 +00:00
See [[tips/fully_encrypted_git_repositories_with_gcrypt]] for some examples
of using gcrypt.
2013-09-07 23:08:34 +00:00
## configuration
These parameters can be passed to `git annex initremote` to configure
gcrypt:
* `encryption` - One of "none", "hybrid", "shared", or "pubkey".
See [[encryption]].
* `keyid` - Specifies the gpg key to use for encryption of both the files
git-annex stores in the repository, as well as to encrypt the git
repository itself. May be repeated when multiple participants
should have access to the repository.
* `gitrepo` - Required. The path or url to the git repository
for gcrypt to use. This repository should be either empty, or an existing
gcrypt repositry.
* `shellescape` - See [[rsync]] for the details of this option.
2013-09-07 23:08:34 +00:00
## notes
For git-annex to store files in a repository on a remote server, you need
shell access, and `rsync` must be installed. Those are the minimum
requirements, but it's also recommended to install git-annex on the remote
server, so that [[git-annex-shell]] can be used.
2013-09-07 23:08:34 +00:00
While you can use git-remote-gcrypt with servers like github, git-annex
can't store files on them. In such a case, you can just use
git-remote-gcrypt directly.
If you use encryption=hybrid, you can add more gpg keys that can access
the files git-annex stored in the gcrypt repository. However, due to the
way git-remote-gcrypt encrypts the git repository, you will need to somehow
force it to re-push everything again, so that the encrypted repository can
2013-09-07 23:25:13 +00:00
be decrypted by the added keys. Probably this can be done by setting
`GCRYPT_FULL_REPACK` and doing a forced push of branches.