How to Encrypt Git Repositories
Oct 23, 2022
In this post you will learn how to easily encrypt Git remote repositories with GnuPG. You can use this to store and synchronize sensitive code on remotes that you don't trust. For example, I'm using an encrypted Git repository to sync my passwords across multiple devices.
First, install git-remote-gcrypt with your distribution's package manager:
apt install git-remote-gcrypt
dnf install git-remote-gcrypt
pacman -S git-remote-gcrypt
You will also need a GPG key for encryption. You can install GPG like this:
apt install gnupg
dnf install gnupg
pacman -S gnupg
You can list all your GPG keys with gpg --list-keys. In case you don't already have a key, you can create one with
To create a new Git repository, run git init. But you can also do this on an existing repository. Now we need to add the remote you want to encrypt like this:
git remote add <remote_name> gcrypt::<remote_url>
git remote add origin gcrypt::https://github.com/flolu/encrypted
Now you need to configure which GPG key should be used for encryption. To do this, you first need the fingerprint of this key. Run gpg --list-keys and copy the fingerprint of the desired key (the long hex code in the second line). Then you can configure your repository to use this key like this:
git config remote.<remote_name>.gcrypt-participants "<key_fingerprint>"
git config remote.<remote_name>.gcrypt-signingkey "<key_fingerprint>"
git config remote.origin.gcrypt-participants "3D5211D0E51A0C396AB417032BF2E9B3FB1972D8"
git config remote.origin.gcrypt-signingkey "3D5211D0E51A0C396AB417032BF2E9B3FB1972D8"
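The fingerprint step above can be scripted instead of copied by hand, which also lets you skip expired or sign-only keys and reject short key IDs. This is an added example, not part of the original post: usable_fprs, configure_gcrypt and sample_listing are hypothetical helper names, and the sample listing is constructed (only its first fingerprint is the one used in this post).

```shell
#!/bin/sh
# Added example, not from the original post.
# Print the fingerprint of every primary key usable as a gcrypt participant:
# not expired/revoked/invalid/disabled, and able to encrypt.
# Input: the output of `gpg --list-keys --with-colons` on stdin.
usable_fprs() {
  awk -F: '
    # pub record: field 2 is validity, field 12 is capabilities (E = encrypt, D = disabled)
    $1 == "pub" { want = ($2 !~ /^[eird]/ && $12 ~ /E/ && $12 !~ /D/); next }
    # subkeys have their own fpr records, which are not what we want here
    $1 == "sub" { want = 0; next }
    # first fpr record after a usable pub record: field 10 is the fingerprint
    $1 == "fpr" && want { print $10; want = 0 }
  '
}

# Apply the two settings from the post, after checking that the argument is a
# full 40-hex-digit fingerprint and not a short key ID or a typo.
configure_gcrypt() {  # usage: configure_gcrypt <remote_name> <key_fingerprint>
  case "$2" in
    ""|*[!0-9A-Fa-f]*) echo "not a hex fingerprint: $2" >&2; return 1 ;;
  esac
  [ "${#2}" -eq 40 ] || { echo "expected 40 hex digits, got ${#2}" >&2; return 1; }
  git config "remote.$1.gcrypt-participants" "$2" &&
    git config "remote.$1.gcrypt-signingkey" "$2"
}

# Constructed sample listing: one usable key (with an encryption subkey)
# and one expired, sign-only key with a made-up fingerprint.
sample_listing() {
  cat <<'EOF'
pub:u:4096:1:2BF2E9B3FB1972D8:1600000000:::u:::scESC:
fpr:::::::::3D5211D0E51A0C396AB417032BF2E9B3FB1972D8:
uid:u::::1600000000::::Example User <user@example.com>:
sub:u:4096:1:1111111111111111:1600000000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:e:2048:1:2222222222222222:1500000000:1550000000::-:::sc:
fpr:::::::::2222222222222222222222222222222222222222:
EOF
}

sample_listing | usable_fprs   # prints only the first key's fingerprint
# Real use, inside the repository:
#   configure_gcrypt origin "$(gpg --list-keys --with-colons | usable_fprs | head -n 1)"
```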
Now you can make commits as usual with git commit. To upload the changes to the encrypted remote, simply run:
git push <remote_name> <branch>
git push origin master
And that's it! Your remote files will be encrypted now. You can take a look at an encrypted GitHub repository here.
To clone an encrypted Git repository, you need to run:
git clone gcrypt::<remote_url>
This will only work if the GPG key that was used for encryption is on your computer!