mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Added a comment

Browse source
This commit is contained in:
andrew 2019-01-16 23:51:21 +00:00 committed by admin
parent bf16292584
commit 6e4e6ac148
1 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
doc/forum/use_case_question__58___developer_repo_with_s3/comment_2_751d3f5855729d493ee2042b19117a70._comment Normal file
View file

@ -0,0 +1,20 @@
[[!comment format=mdwn
username="andrew"
avatar="http://cdn.libravatar.org/avatar/acc0ece1eedf07dd9631e7d7d343c435"
subject="comment 2"
date="2019-01-16T23:51:21Z"
content="""
Another workflow is to use `encryption=pubkey`. Again init the repo on s3. And add the keys of all your devs.
git annex initremote sensitive-s3 type=S3 chunk=1MiB encryption=pubkey embedcreds=no keyid=DEV1_KEYID
git annex enableremote sensitive-s3 keyid+=DEV2_KEYID
git annex enableremote sensitive-s3 keyid+=DEV3_KEYID
Then files on sensitive-s3 will be encrypted using (I think) multi-key encryption that any of the devs can decrypt using their private key.
If you want to remove a dev later then you would have to, tell git-annex to remove their key, drop all files from sensitive-s3 (since they are readable by the revoked dev), then re-upload all files.
git annex enableremote sensitive-s3 keyid-=DEV2_KEYID
git annex drop --from=sensitive-s3
git annex copy --to=senitive-s3 /tmp/all-the-sensitive-files
"""]]