[TriLUG] best encryption solution for encrypting source control?

Tim Jowers timjowers at gmail.com
Thu Feb 5 11:08:33 EST 2015


Hi,

I realized a few months ago one of my source control hosts may allow access
without proper authentication to one of my repos. I want to eliminate this
risk in the future.

Does anyone have a recommendation for a good encryption solution?  I want
two things.
1. My user account can provide a password to decrypt files. During my login
session, the files are accessed decrypted. Maybe LUKS?
https://code.google.com/p/cryptsetup/ Anyone use it?
2. Each file can be decrypted individually. That is, I can commit the
encrypted file into source control. Later someone else can retrieve the
decrypted file and, if they have the password, decrypt.
Does anyone do something like this now? It seems like I might could setup
an encrypted disk, make that my source control master, and then
commit/retrieve from there. But I want to commit/retrieve the encrypted
files. If that makes sense. Maybe something like this:

/dev/md0 -> install LUKS?
put source control "repos" directory on there.
userA commits and retrieves from repos but works with encrypted files only.
possible?
userA retrieves files into "working" folder.
userB  works with "working" folder on the encrypted fs and files are
decrypted/encrypted magically.
Would that work?

Thanks,
Tim


More information about the TriLUG mailing list