Key point: this isn’t (just) about PGP or SMTP, it’s email as a whole system:
Even after we replace PGP, encrypted email will remain unsafe. Here’s why:
- If messages can be sent in plaintext, they will be sent in plaintext.
- Metadata is as important as content, and email leaks it.
- Every archived message will eventually leak.
- Every long term secret will eventually leak.
git-remote-gcrypt is a git remote helper to push and pull from repositories encrypted with GnuPG, using a custom format
Supported backends are local, rsync:// and sftp://, where the repository is stored as a set of files, or instead anywhere gcrypt will store the same representation in a git repository
The aim is to provide confidential, authenticated git storage and collaboration using typical untrusted file hosts or services.
Tested: it works fine and is very easy to setup:
git remote add gitcrypt gcrypt::git@...
git config user.signingkey ...
git config gcrypt.participants ...
git push gitcrypt master
To encrypt only SOME files in a git
repo, better look at git-crypt
editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP