[TriLUG] best encryption solution for encrypting source control?
matt at noway2.thruhere.net
matt at noway2.thruhere.net
Thu Feb 5 11:32:49 EST 2015
> I could be misunderstanding, but this sounds like a very bad idea. If
> you don't trust your source control host, then get a new one.
>
> If you start committing encrypted files you loose most of the benefits
> of a source control system since you can't see diffs, proper
> histories, etc. You're essentially treating all your source files as
> binaries from the SCMs point of view and most of them handle binary
> files as poor second class citizens.
>
That was my thought too.
I would keep the focus on decent mechanism for authentication to the
source control system and make sure that it is physically secure but
encrypting the data one it is stored sound like it is asking for troubles
with little to no benefit.
I would recommend that you really look at what your trying to protect
against and see if there is a better way or if it is even an area that
requires additional protections.
More information about the TriLUG
mailing list