diff --git a/doc/special_remotes.mdwn b/doc/special_remotes.mdwn index a0102fcaaa..88370cf881 100644 --- a/doc/special_remotes.mdwn +++ b/doc/special_remotes.mdwn @@ -10,6 +10,7 @@ They cannot be used by other git commands though. * [[S3]] (Amazon S3, and other compatible services) * [[Amazon_Glacier|glacier]] * [[bup]] +* [[gcrypt]] (encrypted git repositories!) * [[directory]] * [[rsync]] * [[webdav]] diff --git a/doc/special_remotes/gcrypt.mdwn b/doc/special_remotes/gcrypt.mdwn new file mode 100644 index 0000000000..dca6ad655e --- /dev/null +++ b/doc/special_remotes/gcrypt.mdwn 
@@ -0,0 +1,37 @@ +[git-remote-gcrypt](https://github.com/blake2-ppc/git-remote-gcrypt/) +adds support for encrypted remotes to git. The git-annex gcrypt special +remote allows git-annex to also store its files in such repositories. +Naturally, git-annex encrypts the files it stores too, so everything +stored on the remote is encrypted. + +## configuration + +These parameters can be passed to `git annex initremote` to configure +gcrypt: + +* `encryption` - One of "none", "hybrid", "shared", or "pubkey". + See [[encryption]]. + +* `keyid` - Specifies the gpg key to use for encryption of both the files + git-annex stores in the repository, as well as to encrypt the git + repository itself. May be repeated when multiple participants + should have access to the repository. + +* `gitrepo` - Required. The path or url to the git repository + for gcrypt to use. This repository should be either empty, or an existing + gcrypt repositry. + +## notes + +For git-annex to store files in a repository on a remote server, you need +shell access, and `rsync` must be installed. + +While you can use git-remote-gcrypt with servers like github, git-annex +can't store files on them. In such a case, you can just use +git-remote-gcrypt directly. + +If you use encryption=hybrid, you can add more gpg keys that can access +the files git-annex stored in the gcrypt repository. However, due to the +way git-remote-gcrypt encrypts the git repository, you will need to somehow +force it to re-push everything again, so that the encrypted repository can +be decrypted by the added keys.
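Review bot: In the new doc/special_remotes/gcrypt.mdwn, the opening paragraph says "everything stored on the remote is encrypted", but the configuration section lists "none" as an accepted value for `encryption`. Either qualify the opening claim or state under `encryption` what is and is not encrypted when "none" is chosen, so a reader does not assume confidentiality they have not configured. In the notes, "you will need to somehow force it to re-push everything again" gives the reader no procedure. Name the step or link to where it is documented, and say whether the newly added keys can read the git repository before that re-push happens. The `keyid` entry should also say whether it is needed for every `encryption` value. Typo in the `gitrepo` entry: "repositry" should be "repository".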