This is how git-secret works. It has a bash script that does gpg encryption and decryption of files when you run commands like git secret hide and git secret reveal. You first git secret tell someone@example.com to add them to a keyring in a hidden folder .gitsecret. Then you add a load of secret files to .gitignore and with git secret add file1 file2. Now when you git secret hide it calls git-secret hide which runs the hide function. That gpg encrypts the hidden file with all the keys in the keyring. Now only collaborators can get at the secrets that are encrypted on GitHub. We created keys for our deployment webhooks which pull the latest config in git, decrypt it, then install it into our Kubernetes cluster.
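The workflow above only protects a secret if the plaintext copy stays out of git while its encrypted copy is committed. The following check is an added example, not part of git-secret or of the original text: it assumes the encrypted files carry git-secret's default `.secret` suffix, and the function names and demo repository are constructed for illustration.

```shell
#!/bin/sh
# Added example (not git-secret's own code). Assumes encrypted files use the
# default ".secret" suffix, so "app.env.secret" is the ciphertext of "app.env".

# For every tracked *.secret file, report its plaintext counterpart if that
# plaintext is tracked by git or is not covered by .gitignore.
# Prints one finding per line; returns 0 when clean, 1 when anything is exposed.
check_plaintext_leaks() {
    repo=$1
    findings=$(
        git -C "$repo" ls-files -- '*.secret' | while IFS= read -r enc; do
            plain=${enc%.secret}
            if git -C "$repo" ls-files --error-unmatch -- "$plain" >/dev/null 2>&1; then
                echo "TRACKED $plain"        # plaintext is in the index
            elif ! git -C "$repo" check-ignore -q -- "$plain"; then
                echo "NOT_IGNORED $plain"    # one 'git add .' away from a leak
            fi
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a throwaway repository with constructed sample files:
#   ok.env      ignored, only ciphertext tracked   (correct)
#   leaked.env  plaintext committed next to ciphertext
#   stray.env   untracked but missing from .gitignore
make_demo_repo() {
    d=$(mktemp -d)
    git -C "$d" init -q
    for name in ok leaked stray; do
        echo "password=constructed-sample" > "$d/$name.env"
        echo "constructed-ciphertext" > "$d/$name.env.secret"
    done
    echo 'ok.env' > "$d/.gitignore"
    git -C "$d" add .gitignore ok.env.secret leaked.env leaked.env.secret stray.env.secret
    echo "$d"
}

demo=$(make_demo_repo)
check_plaintext_leaks "$demo" || echo "plaintext secrets exposed in demo repo"
rm -rf "$demo"
```

Run as a pre-commit hook or CI step, a non-zero return blocks the commit before a plaintext secret reaches the remote.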