New feat: gc() one core fct + 5 childs to use git-crypt

README.md

@@ -12,13 +12,44 @@
 
 # BashLava
 
-BashLaVa is a utility-first bash framework. The idea is to abstract your workflow to minimize the time to do some repetitive actions.
+BashLaVa is a utility-first bash framework. The idea is to abstract your git workflow to minimize the time to do some repetitive actions.
 
-It's for developers that use git commands regularly. BashLaVa makes following git workflow a breeze without having to leave your terminal or use GitHub GUI.
+**Update May 2022**: There are so many new features, I must re-write the whole README.
 
-In other word, the the **agile release cycle** should be something you master. BashLaVa helps you big time to get there.
+## Features
 
-**WIP** - May 2022: There are so many new features, I must re-write the whole README.
+- A Super fast git flow
+- Sane default, see `.bashlava_env.sh`
+- Custom configuration to quickly use bashlava accross your project
+- manage your own bashscript scripts under /private
+- crypt secrets
+
+Below from the `bashlava.sh h`
+
+```
+  git flow
+
+  •  e  ....... | create a branch edge from main ........ | standalone
+  •  c  ....... | commit ................................ | usage: c "This feature rocks"
+  •  sq  ...... | squash commits ........................ | usage: sq 3 "Add: feat xyz, issue 123"
+  •  pr  ...... | create pull request  .................. | standalone
+  •  ci  ...... | show ci status on GitHub Actions ...... | standalone
+  •  mrg  ..... | merge to mainbranch ................... | standalone
+  •  m  ....... | checkout to main_branch  .............. | standalone
+  •  v  ....... | version code .......................... | standalone or usage: v 1.4.2
+  •  t  ....... | tag  .................................. | standalone
+  •  r  ....... | release  and open GUI on GitHub ....... | standalone
+  •  d  ....... | dummy  commits ........................ | standalone
+```
+
+## cli that are abstracted
+
+- git
+- gh
+- docker
+- git-crypt
+
+## Getting Started
 
 ## License
 

bashlava.sh

@@ -22,9 +22,31 @@ ________________________________________________________________________________
 PRIORITY 1 ____________________________________________________________________________
 
 
-TODO git-crypt
-- once gitcrypt to well test and solid
-- 0o0o
+TODO
+## New feat: gc() one core fct + 5 childs to use git-crypt
+- gc h(), add /docs/help_gitcrypt.md
+- (h) update /docs/help.md
+- Impact on: #4, #8
+
+## Minor
+- Update README.md
+
+TODO
+gc()
+  CONFIG: is if key is: symetric OR pub/priv
+    if symetric, we need to define a custom path for the key
+    most likely define in /private/entrypoint
+    Default pub/priv
+  CONFIG: do a gc on() when test()
+    default is false
+
+  check if projet have .git-crypt
+    else warn this project does have gc setup
+
+
+TODO
+- start a new git repo to test gc 
+- create key as new user on new computers to ensure how_to_use_gitcrypt.md is correct
 
 _______________________________________________________________________________________
 _______________________________________________________________________________________
@@ -595,6 +617,64 @@ function gitio { # User_
   esac
 }
 
+function gc { # User_
+  Condition_Attr_3_Must_Be_Empty
+
+  if [[ "${input_2}" == "on" ]]; then
+    gc_on
+  elif [[ "${input_2}" == "off" ]]; then
+    gc_off
+  elif [[ "${input_2}" == "s" ]]; then
+    gc_status
+  elif [[ "${input_2}" == "k" ]]; then
+    gc_keys
+  elif [[ "${input_2}" == "h" ]]; then
+    gc_help
+  elif [[ "${input_2}" == "not_set" ]]; then
+    _doc_name="fct_gc_next.md" && Show_Docs
+    input_2="not_set"   #reset input_2
+    read -r user_input;
+    case ${user_input} in
+      1 | on | un) gc_on;;
+      2 | off | lock) gc_off;;
+      3 | s | status) gc_status;;
+      4 | l | list) gc_list;;
+      5 | h | help) gc_help;;
+      *) my_message="Aborted" && Print_Gray;;
+    esac
+  else
+    my_message="FATAL: The command does not exist." && Print_Fatal
+  fi
+}
+### CHILD FUNCTIONS
+    function gc_on { # Child_
+      Condition_No_Commits_Pending
+      git-crypt unlock
+      # clear the warning. See https://github.com/firepress-org/bashlava/issues/40
+      clear
+      my_message="git-crypt unlocked your files/dir." && Print_Green
+      file "$(git-crypt status -e | head -1 | awk '{print $2}')"
+    }
+    function gc_off { # Child_
+      Condition_No_Commits_Pending
+      git-crypt lock
+      my_message="git-crypt locked your files/dir." && Print_Green
+      file "$(git-crypt status -e | head -1 | awk '{print $2}')"
+    }
+    function gc_status { # Child_
+      git-crypt status -e && echo
+      git-crypt status -u && echo
+      git-crypt status -f
+      file "$(git-crypt status -e | head -1 | awk '{print $2}')"
+    }
+    function gc_keys { # Child_
+      gpg --list-keys
+    }
+    function gc_help { # Child_
+      clear
+      _doc_name="help_gitcrypt.md" && Show_Docs
+    }
+
 ### ### ### ### ### ### ### ### ### ### ### ### ### ### ### ### #
 #
 # Show

docs/fct_gc_next.md

@@ -0,0 +1,8 @@
+🚀 What do you want to do next?
+
+- `1` ... |`on`unlock (decrypt)
+- `2` ... |`off`lock (crypt)
+- `3` ... |`s`status about files
+- `4` ... |`k`show gpg keys
+- `5` ... |`h`help about git-crypt
+- `q` ... | quit

docs/help.md

@@ -18,13 +18,14 @@
 - `v` ....... |`version`code .......................... | _standalone_ or usage: v 1.4.2
 - `t` ....... |`tag` .................................. | _standalone_
 - `r` ....... |`release` and open GUI on GitHub ....... | _standalone_
-- `d` ....... |`dummy` commits ........................ | _standalone_
+- `d` ....... |`dummy`commits ......................... | _standalone_
 
 **more commands**
 
 - `s` ....... |`show`every functions per categories ... | _standalone_
 - `h` ....... |`help`.................................. | _standalone_
 - `test` .... |`test`if bashLaVa works properly ....... | _standalone_
+- `gc` ...... | git-crypt utility ..................... | _standalone_ or usage: gc on
 - `l` ....... | show`log`.............................. | _standalone_
 - `sv` ...... | show`version`.......................... | _standalone_
 - `oe` ...... | check`out`edge ......(does not fetch) . | _standalone_

docs/help_gitcrypt.md

@@ -0,0 +1,210 @@
+```
+              _          _
+  __ _  ___  | |__   ___| |_ __
+ / _` |/ __| | '_ \ / _ \ | '_ \
+| (_| | (__  | | | |  __/ | |_) |
+ \__, |\___| |_| |_|\___|_| .__/
+ |___/                    |_|
+```
+
+# Install git-crypt on Mac
+
+I use Mac OS (M1) 12.3.1.
+
+```
+brew install git-crypt gnupg
+git-crypt version
+
+>>
+git-crypt 0.7.0
+```
+
+Also install the GUI - https://gpgtools.org/
+
+# Method #1
+
+One commun symetric key for everybody. (Less secure over time.)
+
+## Set up the repository to use git-crypt
+
+Let's create a Symetric key (basic set up)
+Let's export the key
+
+```
+git-crypt init
+
+git-crypt export-key ~/Documents/.../git-crypt-key
+```
+
+## Set up rules
+
+Create file `.gitattributes` at the root of your project.
+
+Here is my template:
+
+```
+### DO encrypt these:
+secret*/** filter=git-crypt diff=git-crypt
+# files to encrypt by default
+**.key filter=git-crypt diff=git-crypt
+
+### DO NOT encrypt these:
+.gitattributes !filter !diff
+.gitignore !filter !diff
+node_modules/** !filter !diff
+Dockerfile !filter !diff
+LICENSE !filter !diff
+README.md !filter !diff
+
+# /private is part of .gitignore so we do not encrypt it
+private/** !filter !diff
+```
+
+## Status, see what is encrypted (or not)
+
+```
+git-crypt status -e && echo
+git-crypt status -u && echo
+git-crypt status -f
+
+>>
+encrypted: secrets/contract_2022_05_01.md
+encrypted: secrets/list.txt
+encrypted: secrets/token_aws.key
+encrypted: secrets/token_do.key
+
+not encrypted: .bashlava_env_override.sh
+not encrypted: .git-crypt/.gitattributes
+not encrypted: .git-crypt/keys/default/0/9D99B155628F9AC9DDD9ED8B8A4F19B6D38E7253.gpg
+not encrypted: .gitattributes
+not encrypted: .gitignore
+not encrypted: Dockerfile
+not encrypted: LICENSE
+not encrypted: README.md
+not encrypted: docs/DUMMY.md
+```
+
+Confirm our file is uncrypted:
+
+```
+cat api.key
+
+>
+b9dd2892257ffb0ce4e6fd0cdf202f131a03afd17769feabe9effaca265e98be
+```
+
+## Lock the projet
+
+Lock our projet and confirm our file is crypted:
+
+```
+git-crypt lock && cat api.key
+
+>>
+File: secrets/token_aws.key <BINARY>
+```
+
+## UnLock the projet (symetric key)
+
+```
+git-crypt unlock ~/Documents/.../git-crypt-key
+```
+
+## Re-use key in other git repo
+
+To use an existing key file, just use git-crypt unlock instead of git-crypt init when you set up your git repository to use git-crypt, like this:
+
+```
+mkdir my-other-project # At the same directory level as myproject
+cd my-other-project
+git init
+echo "Something" > file.txt
+git add file.txt
+git commit -m "initial commit"
+
+git-crypt unlock ~/Documents/.../git-crypt-key
+```
+
+# Method #2 using public/private keys
+
+You should use public/private keys which is much more secure.
+
+## As a USER_DEV
+
+As a USER_DEV must create a key
+`gpg --gen-key`
+
+As a USER_DEV, check the gpg keys
+`gpg --list-keys`
+
+As a USER_DEV, check the gpg keys and list the keys and copy the key ID (KEY_ID ex: 9F9VD135y67289ACGGD349E8S345TSRY4ECC53):
+
+`gpg --list-keys`
+
+As a USER_DEV, print the public key and pass it to the admin that will be granting the permissions to git-crypt:
+`gpg --export --armor $KEY_ID`
+
+As a USER_DEV, export key as file:
+
+```
+cd ~/Documents/.../pascalandy
+gpg --output public.pgp --armor --export [email protected]
+```
+
+## As an ADMIN (git repo owner)
+
+As an ADMIN import USER_DEV
+
+```
+file ~/Documents/.../pascalandy/public.pgp
+gpg --import ~/Documents/.../pascalandy/public.pgp
+```
+
+As an ADMIN, import USER_DEV within the git repo:
+
+```
+cd ~/Documents/.../mycrypt
+git-crypt add-gpg-user --trusted [email protected]
+
+>>
+andy16@andy16-2:~/Documents/.../mycrypt|master ⇒ cd ~/Documents/.../mycrypt
+andy16@andy16-2:~/Documents/.../mycrypt|master ⇒ git-crypt add-gpg-user --trusted [email protected]
+[master db3e97f] Add 1 git-crypt collaborator
+2 files changed, 4 insertions(+)
+create mode 100644 .git-crypt/.gitattributes
+create mode 100644 .git-crypt/keys/default/0/9F9VD135y67289ACGGD349E8S345TSRY4ECC53.gpg
+```
+
+# Conclusion
+
+Symetric steup: It's a good idea to have ../git-crypt-key as an absolut path to you can encrypt everything from anywhere on your computer.
+
+## Bonus
+
+export/backup your keys:
+
+```
+gpg --output public.pgp --armor --export [email protected]
+gpg --output private.pgp --armor --export-secret-key [email protected]
+```
+
+source: https://unix.stackexchange.com/a/482559
+
+## Great references
+
+- https://hackernoon.com/things-you-must-know-about-git-crypt-to-successfully-protect-your-secret-data-kyi3wi6
+- https://buddy.works/guides/git-crypt
+- https://medium.com/@ahmed.kamel/git-crypt-unattended-unlock-with-gpg-passphrase-in-docker-f0aa39b85a
+
+## What is great
+
+- The major advantage with a tool like git-crypt is that even if locally you can see all your encrypted files,
+  when your commit to your git repo, these secrets ARE ALWAYS ENCRYPTED. You cant mess up once you define which DIR files should be a secret.
+- easy symetric key OR gpg user access management
+
+## Key rotation
+
+- No key rotation tool build in, but folks have create script to do just that
+- https://github.com/AGWA/git-crypt/issues/47
+
+See this doc online: https://github.com/firepress-org/bashlava/tree/main/docs/help_gitcrypt.md

docs/next_move_fct_mrg.md

@@ -4,6 +4,4 @@
 - `2` ... |`t`
 - `3` ... |`e`
 - `4` ... |`ci`
-- `8` ... |`vt` (combined)
-- `9` ... |`a` (WIP will allow the user to: v + t + r + e in one step)
 - `q` ... | quit