git-crypt #48

Closed
7 tasks done
arcticicestudio opened this issue Jun 22, 2019 · 1 comment
arcticicestudio commented Jun 22, 2019

Epic: #33
Depends on #35 #49

Integrate git-crypt into the repository to allow encrypting specific files using GPG.
git-crypt is a stable and production-proven concept that works safely and allows transparent encryption with Git.

snowsaw will use it to encrypt files containing sensitive data like deployment, API or any other kind of secret keys. Another way would be to use Circle CI's environment variables features to make sensitive data available during build time, but using git-crypt ensures that all required project data is stored in the repository and tracked by Git without the need to manually configure CI/CD providers and servers.

Integration Steps

  • 1 Add files to `.gitattributes` and configure `filter` and `diff` to use the git-crypt setup
  • 2 Initialize git-crypt for the repository: `git-crypt init` (default key)
  • 3 Add the GPG keys of all core team members and the CI/CD virtual user: `git-crypt add-gpg-user --trusted --no-commit <ID>` (the `--no-commit` flag prevents automatic commit of generated files while `--trusted` assumes the GPG user IDs are trusted)
  • 4 Commit the newly generated `.git-crypt` folder
  • 5 Unlock the repository: `git-crypt unlock`
  • 6 Ensure all target files are tracked to be encrypted: `git-crypt status`
  • 7 Commit all encrypted target files (nothing to commit yet)
  • 8 Validate that the encryption works by locking the repository again: `git-crypt lock`
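
A check that complements steps 6 to 8, as an added example that is not part of the original issue or the snowsaw repository: Git only applies the `filter` attribute where the git-crypt driver is configured, so this lists staged files that `.gitattributes` marks for encryption but that are stored as plaintext. The function names and the `secrets/**` pattern are hypothetical, and the script assumes git-crypt ciphertext begins with the 10-byte header `\0GITCRYPT\0`.

```sh
#!/bin/sh
# Added example (not from the snowsaw repository): find staged files that are
# marked filter=git-crypt in .gitattributes but are stored as plaintext.
# Constructed .gitattributes entry: secrets/** filter=git-crypt diff=git-crypt

# Assumption: git-crypt ciphertext starts with the 10 bytes \0GITCRYPT\0.
GITCRYPT_MAGIC_HEX="00474954435259505400"

# Reads a blob on stdin; succeeds only if it begins with the git-crypt magic.
is_gitcrypt_blob() {
  [ "$(od -An -v -tx1 -N10 | tr -d ' \n')" = "$GITCRYPT_MAGIC_HEX" ]
}

# Prints each path in the index that has filter=git-crypt but whose staged
# blob is not ciphertext. Empty output means every marked file is encrypted.
# Limitation: paths that git quotes (core.quotePath) are not unquoted here.
list_unencrypted_secrets() {
  git ls-files | git check-attr --stdin filter |
  while IFS= read -r line; do
    case "$line" in
      *": filter: git-crypt") path=${line%": filter: git-crypt"} ;;
      *) continue ;;
    esac
    git cat-file blob ":$path" | is_gitcrypt_blob || printf '%s\n' "$path"
  done
}

# Hypothetical CI or pre-push usage, run from the repository root:
#   leaks=$(list_unencrypted_secrets); [ -z "$leaks" ] || { echo "$leaks"; exit 1; }
```

Because it inspects the index rather than the working tree, the check gives the same answer whether the repository is locked or unlocked.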
@arcticicestudio arcticicestudio added this to the 0.4.0 milestone Jun 22, 2019
@arcticicestudio arcticicestudio self-assigned this Jun 22, 2019
arcticicestudio added a commit that referenced this issue Jun 22, 2019
In order to start the Go project rewrite (1) from scratch the current
repository structure and files have been reset to a clean state to
remove all references to the previous implementations, documentations
and project structure/layout.

Starting from a "fresh" state allows to build the project up with the
correct structure and design pattern as if there were leftovers from
the previous repository data resulting in mixed files and folders.

This commit must be pushed first before all other blocked tickets can be
resolved that are also bound to the epic GH-33!
See the corresponding milestone (2) for more details about the
implementation/resolve order.

>>>> Tasks

- `.idea/` (3) - Deleted the whole folder, the files were scoped for
  "Pycharm Community Edition" and will be replaced with the correct
  files for "IntelliJ Ultimate Edition" with the official Go plugin (4)
  (Goland (5)) later on.
- `assets/` (6) - Deleted the whole folder, all assets will be
  redesigned and added again later on.
- `bin/` (7) - Deleted the whole folder, the script was part of the
  Python implementation and represented the entry point of the app.
- `snowsaw/` (8) - Deleted the whole folder, included the main Python
  app and API implementations.
- `.editorconfig` (9) - Deleted the file, it will be recreated in GH-38
  to match the new project layout and latest "Arctic Ice Studio" project
  design standards/guidelines.
- `.gitignore` (10) - Deleted the file, it will be recreated in GH-35 to
  match the new project layout and latest "Arctic Ice Studio" project
  design standards/guidelines.
- `CHANGELOG.md` (11) - Deleted the file, it will be recreated later on to
  match the new project layout and latest "Arctic Ice Studio" project
  design standards/guidelines.
- `README.md` (12) - Deleted the file, it will be recreated later on to
  match the new project layout and latest "Arctic Ice Studio" project
  design standards/guidelines including the new project assets
  (logo, repository hero etc.).

References:
  (1) #33
  (2) https://github.com/arcticicestudio/snowsaw/milestone/5
  (3) https://github.com/arcticicestudio/snowsaw/tree/bc54e5136be27f8037de5bbc2f046f37eb036274/.idea
  (4) https://plugins.jetbrains.com/plugin/9568-go
  (5) https://www.jetbrains.com/go
  (6) https://github.com/arcticicestudio/snowsaw/tree/bc54e5136be27f8037de5bbc2f046f37eb036274/assets
  (7) https://github.com/arcticicestudio/snowsaw/tree/bc54e5136be27f8037de5bbc2f046f37eb036274/bin
  (8) https://github.com/arcticicestudio/snowsaw/tree/bc54e5136be27f8037de5bbc2f046f37eb036274/snowsaw
  (9) https://github.com/arcticicestudio/snowsaw/blob/bc54e5136be27f8037de5bbc2f046f37eb036274/.editorconfig
  (10) https://github.com/arcticicestudio/snowsaw/blob/bc54e5136be27f8037de5bbc2f046f37eb036274/.gitignore
  (11) https://github.com/arcticicestudio/snowsaw/blob/bc54e5136be27f8037de5bbc2f046f37eb036274/CHANGELOG.md
  (12) https://github.com/arcticicestudio/snowsaw/blob/bc54e5136be27f8037de5bbc2f046f37eb036274/README.md

Epic: GH-33
Blocked GH-34 GH-35 GH-36 GH-37 GH-38 GH-39 GH-42 GH-43 GH-44 GH-45
        GH-46 GH-47 GH-48
Resolves GH-49
arcticicestudio added a commit that referenced this issue Jun 22, 2019
Added the `.gitattributes` (1) and `.gitignore` (2) configuration files
for pattern handling that are matching the latest "Arctic Ice Studio"
project design standards/guidelines.

References:
  (1) https://git-scm.com/docs/gitattributes
  (2) https://git-scm.com/docs/gitignore

Epic: GH-33
Blocks GH-48
Depends on GH-49
Resolves GH-35
arcticicestudio added a commit that referenced this issue Jun 23, 2019
Ensured to exclude Git specific `.gitattributes` and `.gitignore` files.

Epic GH-33
Depends on GH-35 GH-49
GH-48
arcticicestudio added a commit that referenced this issue Jun 23, 2019
Initialized git-crypt for the repository with `git-crypt init`.

Added GPG keys of all core team members by running the
`git-crypt add-gpg-user --trusted --no-commit <ID>` command where
`--no-commit` flag prevents automatic commit of generated files while
`--trusted` assumes the GPG user IDs are trusted.

Epic GH-33
Depends on GH-35 GH-49
GH-48
arcticicestudio added a commit that referenced this issue Jun 23, 2019
Initialized git-crypt for the repository with `git-crypt init`.

Added GPG keys of all core team members by running the
`git-crypt add-gpg-user --trusted --no-commit <ID>` command where
`--no-commit` flag prevents automatic commit of generated files while
`--trusted` assumes the GPG user IDs are trusted.

Epic GH-33
Depends on GH-35 GH-49
Resolves GH-48
arcticicestudio added a commit that referenced this issue Jun 23, 2019
* Configure Git attributes `filter` and `diff` to use `git-crypt` setup

Ensured to exclude Git specific `.gitattributes` and `.gitignore` files.

Epic GH-33
Depends on GH-35 GH-49
GH-48

<--------------------------------------------------------------------->

* Import trusted GPG keys for git-crypt

Initialized git-crypt for the repository with `git-crypt init`.

Added GPG keys of all core team members by running the
`git-crypt add-gpg-user --trusted --no-commit <ID>` command where
`--no-commit` flag prevents automatic commit of generated files while
`--trusted` assumes the GPG user IDs are trusted.

Epic GH-33
Depends on GH-35 GH-49
Resolves GH-48
@arcticicestudio

Resolved in #56 (3f221b6)
