[TriLUG] best encryption solution for encrypting source control?

Michael Peters michael00peters at gmail.com
Thu Feb 5 11:18:00 EST 2015 

I could be misunderstanding, but this sounds like a very bad idea. If
you don't trust your source control host, then get a new one.

If you start committing encrypted files you loose most of the benefits
of a source control system since you can't see diffs, proper
histories, etc. You're essentially treating all your source files as
binaries from the SCMs point of view and most of them handle binary
files as poor second class citizens.

On Thu, Feb 5, 2015 at 11:08 AM, Tim Jowers <timjowers at gmail.com> wrote:
> Hi,
>
> I realized a few months ago one of my source control hosts may allow access
> without proper authentication to one of my repos. I want to eliminate this
> risk in the future.
>
> Does anyone have a recommendation for a good encryption solution?  I want
> two things.
> 1. My user account can provide a password to decrypt files. During my login
> session, the files are accessed decrypted. Maybe LUKS?
> https://code.google.com/p/cryptsetup/ Anyone use it?
> 2. Each file can be decrypted individually. That is, I can commit the
> encrypted file into source control. Later someone else can retrieve the
> decrypted file and, if they have the password, decrypt.
> Does anyone do something like this now? It seems like I might could setup
> an encrypted disk, make that my source control master, and then
> commit/retrieve from there. But I want to commit/retrieve the encrypted
> files. If that makes sense. Maybe something like this:
>
> /dev/md0 -> install LUKS?
> put source control "repos" directory on there.
> userA commits and retrieves from repos but works with encrypted files only.
> possible?
> userA retrieves files into "working" folder.
> userB  works with "working" folder on the encrypted fs and files are
> decrypted/encrypted magically.
> Would that work?
>
> Thanks,
> Tim
> --
> This message was sent to: Michael Peters <michael00peters at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  : http://www.trilug.org/mailman/options/trilug/michael00peters%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome

More information about the TriLUG mailing list