Have you seen the much older pwstore tool?
https://github.com/formorer/pwstore

It does have some notable features missing from git-secret and similar
tools to this day.
- Whitelist of trusted keys to detect addition of unexpected keys.
- Specify what users/groups have access to any given file (via a header
  in each file, which implies that the file must be plaintext).

I've wondered if storing metadata about the objects in notes might
improve matters:
- a clearsigned block with verifiable readable data (e.g. who in a team
  can access)
- an encrypted block with the inner key (nice side effect that this
  separates versioning of the wrapped inner key from the versioning of
  the object).

This also has a nice property that when you revoke/remove an outer (user)
key, you can know implicitly the old secrets they had access to (which
should probably be rotated, as you don't know if they have a copy of
them outside of the system).

Yes, I'm aware of other systems like Hashicorp's Vault, but do
appreciate the simplicity of git-secret, pass [1], pwstore [2] and other
simpler tools.

[1] https://www.passwordstore.org/
[2] https://github.com/formorer/pwstore

It's at least as old as the Git history indicates, possibly older, I
don't know if the Git history included a full conversion of SVN history.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead, Foundation Trustee
E-Mail   : robbat2@xxxxxxxxxx
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
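The trusted-key whitelist idea from the message above, sketched as an added example (not code from pwstore, git-secret or the original post): it reads the packet listing of an encrypted file, as printed by `gpg --list-packets`, and reports any recipient that is not on the allowlist. The allowlist contents, the key IDs and the sample listings are constructed for illustration, and keying the allowlist on encryption-subkey key IDs is an assumption of this sketch.

```python
import re

# Constructed allowlist: encryption-subkey key ID -> owner (hypothetical values).
TRUSTED = {"1111111111111111": "alice", "2222222222222222": "bob"}

PKESK = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})\b")
SKESK = re.compile(r"^:symkey enc packet:")

def audit_recipients(list_packets_output, trusted=TRUSTED):
    """Return (owners, problems) for the packet listing of one encrypted file."""
    owners, problems = [], []
    for line in list_packets_output.splitlines():
        m = PKESK.match(line)
        if m:
            keyid = m.group(1).upper()
            if keyid == "0" * 16:
                # Written with --throw-keyids: the recipient cannot be checked.
                problems.append("hidden recipient")
            elif keyid in trusted:
                owners.append(trusted[keyid])
            else:
                problems.append("unexpected key " + keyid)
        elif SKESK.match(line):
            # A passphrase would also unlock the file, bypassing the key list.
            problems.append("passphrase recipient")
    if not owners and not problems:
        problems.append("no recipient packets found")
    return owners, problems

# Constructed listings in the format printed by `gpg --list-packets`.
OK_FILE = """\
:pubkey enc packet: version 3, algo 1, keyid 1111111111111111
\tdata: [2046 bits]
:pubkey enc packet: version 3, algo 1, keyid 2222222222222222
\tdata: [2048 bits]
:encrypted data packet:
"""
TAMPERED_FILE = OK_FILE.replace(
    ":encrypted data packet:",
    ":pubkey enc packet: version 3, algo 1, keyid 0000000000000000\n"
    ":pubkey enc packet: version 3, algo 1, keyid DEADBEEFDEADBEEF\n"
    ":symkey enc packet: version 4, cipher 9, s2k 3, hash 8\n"
    ":encrypted data packet:",
)

if __name__ == "__main__":
    for name, text in (("ok", OK_FILE), ("tampered", TAMPERED_FILE)):
        print(name, audit_recipients(text))
```

The owners list for each file is also the input for the rotation point in the message: any secret whose past listings name a removed user is a candidate for rotation.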