Get started

Install gpg with your favorite tool, or ask some guy on freenode or slashdot to insult you unless you use theirs.

Make a key with gpg --gen-key.

• Option #1
• 4096 bits
• Use your real name and work email
• Make note of the public key ID after it's been created.

Use gpg --list-keys:

You'll see a line like this right above the line with your email address. I've bolded the part that is your public key id.

pub 4096R/7FCCBB83 2013-06-25

Export the public key to stdout with gpg --export -a <public key id>.

Follow the steps below in Adding your Key.

It's not a huge deal if you lose this thing, but it's kind of a pain in the ass if you do, so don't do that.

Usage

If gpg is not in your path, you're gonna have a bad day. So go fix that first.

# list credentials
$ ./list

# show a specific credential
$ ./show thing

# mac users, break out your pbr:
$ ./show thing | pbcopy

# update or add a specific credential
$ ./update thing < my_content

# re-encrypt the whole thing with the entire set of keys
$ ./rebuild

Adding your key

This will import your key, commit it and push it up.

$ ./add_key my_username < my_key.gpg

Then contact someone who already has decrypt access to encrypt everything.

Strong suggestion

Also install gpg-agent and configure it - it will keep you from having to enter your key password 800 times.

Here's how:

somewhere in an appropriate shell profile:

eval `gpg-agent --daemon`

Then in ~/.gnupg/gpg.conf:

use-agent

And we're done! Will store your password the first time, not bug you about it for a while. Nice for a lot of work in this repo, or using tools like ./rebuild that do a lot of decryption.