Git-secret: Store secrets in Git repositories the right way
There’s a known problem in server configuration and deploying, when you have to store your private data such as: database passwords, application secret-keys, OAuth secret keys and so on, outside of the git repository. Even if this repository is private, it is a security risk to just publish them into the world wide web.
Storing them separately has a lot of drawbacks. These files are not version controlled. Filenames change, locations change, passwords change from time to time, some new information appears, other is removed. Also, when building the automated deployment system there will be one extra step: download and place these secret-configuration files where they need to be. So you have to maintain an extra secure server, where everything is stored.
How does git-secret solve these problems? Git-secret encrypts files and stores them inside the git repository, so you will have all the changes for every commit. Git-secret doesn’t require any other deploy operations rather than git secret reveal, so it will automatically decrypt all the required files.