Hi,

On Thu, 13 Mar 2008, Miklos Vajna wrote:

> On Thu, Mar 13, 2008 at 11:48:53AM +0300, Alexander Gladysh <agladysh@xxxxxxxxx> wrote:
> > I want to create a private GIT repo (without working copy) on a
> > machine in external data-center. While I do not actually believe that
> > it is possible that someone who has physical access to a machine would
> > be interested in peeking into my repo, I'd like to play safe and to
> > have this issue covered.
> >
> > Please advise what is the best way to do it. Are there any existing
> > solutions?
>
> I don't think but you can write a wrapper around git receive/upload-pack
> and use (for example) tar+gpg to keep your repo encrypted on the disc.

The problem is: you cannot decrypt on the remote side, otherwise you will lose all the security.

But if you do not decrypt on the remote side, you cannot store deltified objects (you lose all the benefits of Git's efficient storage), neither can you update incrementally (you lose all the benefits of Git's efficient transport).

The latter can be remedied (somewhat) by encrypting each object individually. In that case, .gitattributes can help (you should be able to find a mail to that extent, which I sent no more than 2 weeks ago). However, you must make sure that the encryption is repeatable, i.e. two different encryption runs _must_ result in _identical_ output.

If it is only a single file containing all your secrets, it can also make sense to just encrypt it, and track the _encrypted_ file directly (without clean/smudge filters).

Hth,
Dscho
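
The repeatability requirement from the reply above, sketched as an added example (not code from this thread or from Git): a clean/smudge pair that derives the IV from the plaintext itself, so the same file always encrypts to the same blob, next to a random-IV variant that does not. The function names and keys are hypothetical, and the HMAC-based keystream is an assumption standing in for a vetted cipher such as AES-CTR so the block needs only the standard library.

```python
import hashlib
import hmac
import os

# Constructed demo keys; real keys would live in a key file that never reaches the server.
ENC_KEY = hashlib.sha256(b"demo enc key (constructed)").digest()
MAC_KEY = hashlib.sha256(b"demo mac key (constructed)").digest()


def _keystream(iv: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-CTR (assumption).
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(data: bytes, iv: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(iv, len(data))))


def clean(plaintext: bytes) -> bytes:
    """Clean-filter side: synthetic IV = MAC of the plaintext, so output is repeatable."""
    iv = hmac.new(MAC_KEY, plaintext, hashlib.sha256).digest()[:16]
    return iv + _xor(plaintext, iv)


def clean_random_iv(plaintext: bytes) -> bytes:
    """Contrast case: a fresh random IV makes every run produce a different blob."""
    iv = os.urandom(16)
    return iv + _xor(plaintext, iv)


def smudge(blob: bytes) -> bytes:
    """Smudge-filter side: decrypt, then check that the IV matches the plaintext MAC."""
    iv, body = blob[:16], blob[16:]
    plaintext = _xor(body, iv)
    expected = hmac.new(MAC_KEY, plaintext, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(iv, expected):
        raise ValueError("blob failed integrity check")
    return plaintext


def git_blob_id(data: bytes) -> str:
    """Object id Git assigns to a blob with this content (SHA-1 object format)."""
    return hashlib.sha1(b"blob %d\x00" % len(data) + data).hexdigest()
```

With the random-IV variant, Git would see an unchanged file as modified after every clean run, because the blob id changes each time. The cost of repeatability is that anyone who can read the repository can tell when two versions of a file are identical, and can see each file's length.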