Add `list-gpg-user` command to list all added users
zhiboz opened this issue
Is it feasible to introduce a new command `git-crypt list-gpg-user` to list all added gpg users? Are there alternatives to show that info with the existing implementation?
Yeah, this is planned. For now, if you list the contents of the `.git-crypt/keys/default/0/` directory you'll get the full GPG fingerprints of every authorized user.
Cool! Greatly appreciate your efforts!
They are the fingerprints and not the actual GPG keys?
Yes, the filenames are the fingerprints, not the actual keys.
Gotcha. Is the .git-crypt directory actually encrypted as well? I don't see the need to encrypt it. Also wouldn't it make sense to store the public key as well? Or is it there and I am just missing it.
The `.git-crypt` directory is not encrypted by git-crypt (in fact, git-crypt installs a `.gitattributes` file in `.git-crypt` to override any rules that might cause it to be encrypted inadvertently).
That said, each file inside `.git-crypt` is separately encrypted, by GPG, to the public key indicated by the fingerprint in the filename. This is what allows contributors to unlock the repository using their GPG private key.
It wouldn't make sense for git-crypt to store the GPG public key. That's what the GPG keyring is for. Given a fingerprint, you can export the public key from GPG with `gpg --export`.
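An added example (not part of the thread and not git-crypt's own code): shell functions that read the recipient fingerprints straight from the key directory described above and, when `gpg` is installed, look each one up in the local keyring. The function names and the sample fingerprints are made up for illustration.

```shell
# Added example: list git-crypt GPG recipients from the key directory.
# Layout per the thread: .git-crypt/keys/<key-name>/<version>/<FINGERPRINT>.gpg
# Function names and sample fingerprints are illustrative (constructed).

# Print "key-name version fingerprint" for each recipient file under ROOT.
list_gitcrypt_fprs() {
    root=${1:-.}
    for f in "$root"/.git-crypt/keys/*/*/*.gpg; do
        [ -f "$f" ] || continue                     # glob matched nothing
        fpr=$(basename "$f" .gpg)
        ver=$(basename "$(dirname "$f")")
        name=$(basename "$(dirname "$(dirname "$f")")")
        # A fingerprint is hex only; report anything else instead of listing it.
        case $fpr in
            *[!0-9A-Fa-f]*|'') echo "skipping unexpected file: $f" >&2; continue ;;
        esac
        printf '%s %s %s\n' "$name" "$ver" "$fpr"
    done
}

# Resolve a fingerprint to the first user ID found in the local GPG keyring.
resolve_uid() {
    command -v gpg >/dev/null 2>&1 || { echo "(gpg not installed)"; return 0; }
    uid=$(gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
          awk -F: '$1 == "uid" { print $10; exit }')
    echo "${uid:-(not in local keyring)}"
}

# Full report: key name, version, fingerprint and user ID, tab-separated.
gitcrypt_users() {
    list_gitcrypt_fprs "$1" | while read -r name ver fpr; do
        printf '%s\t%s\t%s\t%s\n' "$name" "$ver" "$fpr" "$(resolve_uid "$fpr")"
    done
}

# Constructed sample tree (fake fingerprints, empty files) for offline use.
make_sample_repo() {
    d=$(mktemp -d)
    mkdir -p "$d/.git-crypt/keys/default/0" "$d/.git-crypt/keys/ci/0"
    : > "$d/.git-crypt/keys/default/0/0123456789ABCDEF0123456789ABCDEF01234567.gpg"
    : > "$d/.git-crypt/keys/ci/0/89ABCDEF0123456789ABCDEF0123456789ABCDEF.gpg"
    : > "$d/.git-crypt/keys/default/0/notes.txt.gpg"   # not a fingerprint
    echo "$d"
}
```

Run `gitcrypt_users .` from the repository root; a recipient whose public key is missing from your keyring is shown as "(not in local keyring)".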
I'm waiting for this feature, this's gonna be great! 👍
👍 for this subcommand
+1 very useful feature to have
I found this awesome blog post! https://www.devopsgroup.com/2016/12/08/easy-git-crypt-user-identification/
Thanks @GregSharpe1. Nice article!
Wow @GregSharpe1, that's exactly what I was looking for!!
Just check the git log
git log .git-crypt/
git log .git-crypt/keys/*/*/*.gpg
Create git alias to make pseudo-command git crypt-users
Add this..
[alias]
crypt-users = ! git log .git-crypt/keys/*/*/*.gpg | egrep '\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,6}\\b'
to your ~/.gitconfig
UPDATE: new version
[alias]
crypt-users = "! git log --format=full .git-crypt/keys/*/*/*.gpg | grep -E '^ .+' | sed 's/ *$//g' | awk '{gsub(/^[ \t]+/,\"\"); print $0 }'"
@AGWA is this still planned?
This feature would increase the UX and thus security by making it more transparent which users were granted access.
If anybody is looking for one that only lists the emails (that was what I needed anyways):
[alias]
crypt-users = "! git log --format=full .git-crypt/keys/*/*/*.gpg | grep -E '^ .+' | sed 's/ *$//g' | awk '{gsub(/^[ \t]+/,\"\"); print $0 }' | awk 'NF>1{print $NF}' | sed 's/.//;s/.$//'"
Wow, this worked like a charm. Thank you!