git-crypt #123
arcticicestudio added a commit that referenced this issue on Feb 14, 2019
Defined the first files that should be encrypted and ensured to exclude the Git specific `.gitattributes` itself and `.gitignore` files. GH-123
arcticicestudio added a commit that referenced this issue on Feb 14, 2019
Initialized git-crypt for the repository with `git-crypt init`. Added GPG keys of all core team members and the CI/CD virtual user using `git-crypt add-gpg-user --trusted --no-commit <ID>` (`--no-commit` flag prevents automatic commit of generated files while `--trusted` assumes the GPG user IDs are trusted) GH-123
arcticicestudio added a commit that referenced this issue on Feb 14, 2019
The files are tracked by git-crypt and transparently encrypted on-the-fly. GH-123
arcticicestudio added a commit that referenced this issue on Feb 16, 2019
Initialized git-crypt for the repository with `git-crypt init`. Added GPG keys of all core team members and the CI/CD virtual user using `git-crypt add-gpg-user --trusted --no-commit <ID>` (`--no-commit` flag prevents automatic commit of generated files while `--trusted` assumes the GPG user IDs are trusted) GH-123
arcticicestudio added a commit that referenced this issue on Feb 16, 2019
The files are tracked by git-crypt and transparently encrypted on-the-fly. GH-123
arcticicestudio added a commit that referenced this issue on Feb 16, 2019
Nord Docs uses git-crypt to encrypt Gatsby environment variables (1) stored in `.env*` files that are handled by dotenv (2). Another way would be to use Circle CI's environment variables features (3) to make sensitive data available during build time, but using git-crypt ensures that all required project data is stored in the repository and tracked by Git without the need to manually configure CI/CD providers and servers.

Unfortunately Netlify currently doesn't provide a way to customize the Docker container configuration so that it is not possible to set up GPG and git-crypt to import the CI/CD GPG secret key, decrypt the files and build the project. An attempted solution was to use Netlify's awesome "Functions" feature (4) to run a function that executes shell commands using the `deploy-building` trigger to set up GPG and git-crypt, but there is no way to install `git-crypt` in the container so this doesn't work.

Therefore it is necessary to manually set required environment variables via Netlify's web app UI for build environment variables.

- `NORD_DOCS_GOOGLE_UNIVERSAL_ANALYTICS_TRACKING_ID` - Stores the "Google Universal Analytics" tracking ID.

References:
(1) https://www.gatsbyjs.org/docs/environment-variables
(2) https://github.com/motdotla/dotenv
(3) https://circleci.com/docs/2.0/env-vars
(4) https://www.netlify.com/docs/functions
(5) https://www.netlify.com/docs/continuous-deployment/#build-environment-variables

GH-123
Merged
Integrate git-crypt into the repository to allow encrypting specific files using GPG.
git-crypt is a stable and production-proven concept that works safely and allows using transparent encryption with Git.

Nord Docs will use it to encrypt Gatsby environment variables stored in `.env*` files that are handled by dotenv. Another way would be to use Circle CI's environment variables features to make sensitive data available during build time, but using git-crypt ensures that all required project data is stored in the repository and tracked by Git without the need to manually configure CI/CD providers and servers.

Unfortunately Netlify currently doesn't provide a way to customize the Docker container configuration so that it is not possible to set up GPG and git-crypt to import the CI/CD GPG secret key, decrypt the files and build the project. An attempted solution was to use Netlify's awesome “Functions” feature to run a function that executes shell commands using the `deploy-building` trigger to set up GPG and git-crypt, but there is no way to install `git-crypt` in the container so this doesn't work.

Therefore it is necessary to manually set required environment variables via Netlify's web app UI for build environment variables.

- `NORD_DOCS_GOOGLE_UNIVERSAL_ANALYTICS_TRACKING_ID` — Stores the “Google Universal Analytics” tracking ID.

Integration Steps

- `.gitattributes` and configure `filter` and `diff` to use `git-crypt`
- set up `git-crypt` for the repository:
  - `git-crypt init` (default key)
  - `git-crypt add-gpg-user --trusted --no-commit <ID>` (`--no-commit` flag prevents automatic commit of generated files while `--trusted` assumes the GPG user IDs are trusted).
- `git-crypt` folder
- `git-crypt unlock`
- `git-crypt status`
- `git-crypt lock`
- `netlify.toml` file
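
A way to check the `.gitattributes` step before any secret is committed, as an added example that is not part of the original issue or the Nord Docs repository: it asks Git which paths resolve to the `git-crypt` filter and lists the ones that would be stored in plaintext. The patterns and sample paths are assumptions modelled on the `.env*` files and the `.gitattributes`/`.gitignore` exclusion mentioned above.

```shell
#!/bin/sh
# Added example: resolve git-crypt attributes for sample paths with `git check-attr`.
# The repository, patterns and paths below are constructed for this demo.
set -eu

demo_repo=$(mktemp -d)
git init -q "$demo_repo"

# Assumed .gitattributes: encrypt `.env*`, never the Git metadata files.
cat > "$demo_repo/.gitattributes" <<'EOF'
.env* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
.gitignore !filter !diff
EOF

# Print the value Git resolves for one attribute of one path.
attr_of() {  # usage: attr_of <attribute> <path>
  git -C "$demo_repo" check-attr "$1" -- "$2" | sed "s/^.*: $1: //"
}

# Succeed only when both filter and diff route the path through git-crypt.
is_encrypted_path() {
  [ "$(attr_of filter "$1")" = "git-crypt" ] &&
    [ "$(attr_of diff "$1")" = "git-crypt" ]
}

# Print every path from the arguments that would be committed in plaintext.
plaintext_paths() {
  for path in "$@"; do
    is_encrypted_path "$path" || printf '%s\n' "$path"
  done
}

# Constructed paths: two covered by `.env*`, one secret file the pattern misses
# (no leading dot), and the two files that must stay readable.
plaintext_paths .env.production config/.env.local env.staging \
  .gitattributes .gitignore
```

In a real checkout, `git-crypt status` from the steps above reports encryption state against the actual tracked files.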