In the previous article (click here to view it), we looked at how to identify files that contain secrets, add them to .gitignore, encrypt them with git-secret, and commit the encrypted files to the repository. In this article I will show how to set up git-secret and gpg inside a Docker container and how to build workflows for different scenarios out of Makefile recipes.
Makefile Adjustment

Add the git-secret and gpg targets to the Makefile .make/01-00-application-setup.mk:
```makefile
# File: .make/01-00-application-setup.mk

#...

# gpg
DEFAULT_SECRET_GPG_KEY?=secret.gpg
DEFAULT_PUBLIC_GPG_KEYS?=.dev/gpg-keys/*

.PHONY: gpg
gpg: ## Run gpg commands. Specify the command e.g. via ARGS="--list-keys"
	$(EXECUTE_IN_APPLICATION_CONTAINER) gpg $(ARGS)

.PHONY: gpg-export-public-key
gpg-export-public-key: ## Export a gpg public key e.g. via EMAIL="john.doe@example.com" PATH=".dev/gpg-keys/john-public.gpg"
	@$(if $(PATH),,$(error PATH is undefined))
	@$(if $(EMAIL),,$(error EMAIL is undefined))
	"$(MAKE)" -s gpg ARGS="--armor --export $(EMAIL) > $(PATH)"

.PHONY: gpg-export-private-key
gpg-export-private-key: ## Export a gpg private key e.g. via EMAIL="john.doe@example.com" PATH="secret.gpg"
	@$(if $(PATH),,$(error PATH is undefined))
	@$(if $(EMAIL),,$(error EMAIL is undefined))
	"$(MAKE)" -s gpg ARGS="--output $(PATH) --armor --export-secret-key $(EMAIL)"

.PHONY: gpg-import
gpg-import: ## Import a gpg key file e.g. via GPG_KEY_FILES="/path/to/file /path/to/file2"
	@$(if $(GPG_KEY_FILES),,$(error GPG_KEY_FILES is undefined))
	"$(MAKE)" -s gpg ARGS="--import --batch --yes --pinentry-mode loopback $(GPG_KEY_FILES)"

.PHONY: gpg-import-default-secret-key
gpg-import-default-secret-key: ## Import the default secret key
	"$(MAKE)" -s gpg-import GPG_KEY_FILES="$(DEFAULT_SECRET_GPG_KEY)"

.PHONY: gpg-import-default-public-keys
gpg-import-default-public-keys: ## Import the default public keys
	"$(MAKE)" -s gpg-import GPG_KEY_FILES="$(DEFAULT_PUBLIC_GPG_KEYS)"

.PHONY: gpg-init
gpg-init: gpg-import-default-secret-key gpg-import-default-public-keys ## Initialize gpg in the container, i.e. import all public and private keys

# git-secret
.PHONY: git-secret
git-secret: ## Run git-secret commands. Specify the command e.g. via ARGS="hide"
	$(EXECUTE_IN_APPLICATION_CONTAINER) git-secret $(ARGS)

.PHONY: secret-init
secret-init: ## Initialize git-secret in the repository via `git-secret init`
	"$(MAKE)" -s git-secret ARGS="init"

.PHONY: secret-init-gpg-socket-config
secret-init-gpg-socket-config: ## Initialize the config files to change the gpg socket locations
	echo "%Assuan%" > .gitsecret/keys/S.gpg-agent
	echo "socket=/tmp/S.gpg-agent" >> .gitsecret/keys/S.gpg-agent
	echo "%Assuan%" > .gitsecret/keys/S.gpg-agent.ssh
	echo "socket=/tmp/S.gpg-agent.ssh" >> .gitsecret/keys/S.gpg-agent.ssh
	echo "extra-socket /tmp/S.gpg-agent.extra" > .gitsecret/keys/gpg-agent.conf
	echo "browser-socket /tmp/S.gpg-agent.browser" >> .gitsecret/keys/gpg-agent.conf

.PHONY: secret-encrypt
secret-encrypt: ## Encrypt secret files via `git-secret hide`
	"$(MAKE)" -s git-secret ARGS="hide"

.PHONY: secret-decrypt
secret-decrypt: ## Decrypt secret files via `git-secret reveal -f`
	"$(MAKE)" -s git-secret ARGS="reveal -f"

.PHONY: secret-decrypt-with-password
secret-decrypt-with-password: ## Decrypt secret files using a password for gpg via `git-secret reveal -f -p $(GPG_PASSWORD)`
	@$(if $(GPG_PASSWORD),,$(error GPG_PASSWORD is undefined))
	"$(MAKE)" -s git-secret ARGS="reveal -f -p $(GPG_PASSWORD)"

.PHONY: secret-add
secret-add: ## Add a file to git secret via `git-secret add $FILE`
	@$(if $(FILE),,$(error FILE is undefined))
	"$(MAKE)" -s git-secret ARGS="add $(FILE)"

.PHONY: secret-cat
secret-cat: ## Show the contents of a file added to git secret via `git-secret cat $FILE`
	@$(if $(FILE),,$(error FILE is undefined))
	"$(MAKE)" -s git-secret ARGS="cat $(FILE)"

.PHONY: secret-list
secret-list: ## List all files added to git secret via `git-secret list`
	"$(MAKE)" -s git-secret ARGS="list"

.PHONY: secret-remove
secret-remove: ## Remove a file from git secret via `git-secret remove $FILE`
	@$(if $(FILE),,$(error FILE is undefined))
	"$(MAKE)" -s git-secret ARGS="remove $(FILE)"

.PHONY: secret-add-user
secret-add-user: ## Add a user to git secret via `git-secret tell $EMAIL`
	@$(if $(EMAIL),,$(error EMAIL is undefined))
	"$(MAKE)" -s git-secret ARGS="tell $(EMAIL)"

.PHONY: secret-show-users
secret-show-users: ## Show all users that have access to git secret via `git-secret whoknows`
	"$(MAKE)" -s git-secret ARGS="whoknows"

.PHONY: secret-remove-user
secret-remove-user: ## Remove a user from git secret via `git-secret killperson $EMAIL`
	@$(if $(EMAIL),,$(error EMAIL is undefined))
	"$(MAKE)" -s git-secret ARGS="killperson $(EMAIL)"

.PHONY: secret-diff
secret-diff: ## Show the diff between the content of encrypted and decrypted files via `git-secret changes`
	"$(MAKE)" -s git-secret ARGS="changes"
```
The workflow for using git-secret is very simple:
- Initialize git-secret.
- Add all users.
- Add all secret files and make sure these files are
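The following is an added example, not code from the original post or from the project it describes: a plain POSIX shell version of the secret-init-gpg-socket-config recipe from the Makefile above and of the workflow steps just listed, for use directly in the container shell or from CI rather than through make. The key-directory argument, the check_gpg_socket_config precondition and the run_secret_workflow wrapper are assumptions of this example; run_secret_workflow expects git, gpg and git-secret to be installed and a gpg key for the given e-mail address to already be imported.

```shell
#!/bin/sh
# Added example (not from the original post). Plain-shell equivalents of the
# secret-init-gpg-socket-config recipe and of the git-secret workflow.

# Write the Assuan socket-redirect files that the Makefile recipe creates.
# $1 is the git-secret key directory (assumption: defaults to .gitsecret/keys).
# Pointing the agent sockets at /tmp keeps them off the bind-mounted key dir.
write_gpg_socket_config() {
  keys_dir="${1:-.gitsecret/keys}"
  mkdir -p "$keys_dir" || return 1
  printf '%%Assuan%%\nsocket=/tmp/S.gpg-agent\n' > "$keys_dir/S.gpg-agent"
  printf '%%Assuan%%\nsocket=/tmp/S.gpg-agent.ssh\n' > "$keys_dir/S.gpg-agent.ssh"
  printf 'extra-socket /tmp/S.gpg-agent.extra\nbrowser-socket /tmp/S.gpg-agent.browser\n' \
    > "$keys_dir/gpg-agent.conf"
}

# Precondition check (assumption, not part of the original Makefile): returns 0
# only when every redirect line is present, so a CI job can fail early instead
# of letting gpg-agent try to create sockets inside the mounted directory.
check_gpg_socket_config() {
  keys_dir="${1:-.gitsecret/keys}"
  grep -qx 'socket=/tmp/S.gpg-agent' "$keys_dir/S.gpg-agent" 2>/dev/null &&
  grep -qx 'socket=/tmp/S.gpg-agent.ssh' "$keys_dir/S.gpg-agent.ssh" 2>/dev/null &&
  grep -qx 'extra-socket /tmp/S.gpg-agent.extra' "$keys_dir/gpg-agent.conf" 2>/dev/null &&
  grep -qx 'browser-socket /tmp/S.gpg-agent.browser' "$keys_dir/gpg-agent.conf" 2>/dev/null
}

# The workflow from the list above, run inside the current repository:
# init, tell the user, add the secret file, hide (encrypt), reveal (decrypt).
# $1 = e-mail of a user whose public key gpg already knows, $2 = file to protect.
run_secret_workflow() {
  email="$1"
  file="$2"
  for tool in git gpg git-secret; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 2; }
  done
  git-secret init || return 1
  git-secret tell "$email" || return 1
  git-secret add "$file" || return 1
  git-secret hide || return 1
  git-secret reveal -f
}

# Usage, e.g. from the repository root:
#   write_gpg_socket_config .gitsecret/keys && check_gpg_socket_config .gitsecret/keys
#   run_secret_workflow "john.doe@example.com" ".env"
```

The check function is the piece worth keeping around: the Makefile recipe writes the files unconditionally, but a job that imports keys with gpg-init before the socket config exists will still fail at the first gpg call, so verifying the redirect files before gpg-init gives a clearer error than the agent's own.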