#type/zk/zettel #a/maturity/small-tree # Basic [[git-crypt]] info [[git-crypt]] can encrypt files before pushing to git remote and decrypt after pulling. This is configured using the [[gitattributes]] file (see [[How git-crypt works]] for some details). You don't need to lock a repository before pushing, as encryption and decryption is done on checkin and checkout. To unlock a repo, a key file is needed, this key file can be exported from an unlocked repo. git-crypt cannot encrypt anything that has already been committed. ## Example [[gitattributes|.gitattributes]] file ```.gitattributes path/to/some_encrypted_dir/** filter=git-crypt diff=git-crypt path/to/another_encrypted_dir/** filter=git-crypt diff=git-crypt ``` ## Some basic commands ```bash # init git-crypt repo git-crypt init # export key git-crypt export-key /destination/path/for/exported/git-crypt-key # list staged or committed files that are not included in the .gitattributes filters git ls-files -z | xargs -0 git check-attr filter | grep unspecified # check encryption status of staged or committed files git-crypt status -e # unlock git-crypt unlock /path/to/key/file # lock (not really necessary) git-crypt lock ``` --- Sowed on:: [[2024-01-09|2024-01-09]] Sources:: [[Obsidian notes with git-crypt (GitHub)]] See also:: Related references:: Further reading::