[H-SASIG] Passwords and secrets
Raymond Smith
raymond at storybridge.org
Mon Dec 21 04:40:57 EST 2009
Hi Greg,
2009/12/21 Greg Black <gjb at yaxom.com>:
> On 2009-12-21, Raymond Smith wrote:
>> 2009/12/21 Greg Black <gjb at yaxom.com>:
>> I suggested RCS because I can see how we could easily encrypt the file
>> and the commit history. Perhaps similar things are possible using
>> Mercurial, but I am not familiar enough to know how we would go about
>> encrypting a single file and its history.
>
> But, since I had already said it was simple for all the revision
> control systems I mentioned, surely that might have provided a
> clue. I have checked. It is simple. In each case, there's a
> directory in the same place as the file (.hg for Mercurial,
> equally obvious names for the others) which contains all the
> revision control data and history, etc. A tar backup of that is
> extremely trivial.
Having re-read your earlier email more carefully I see I
misunderstood. A separate Mercurial "repository"/.hg directory with
both encrypted will do the trick. I thought you were talking about
using the same Mercurial repository as /etc. My bad.
So, let me summarise my understanding of what will be done:
1. Under /usr/local/doc/humbug-secrets
   1. humbug-secrets.txt: the file of goodies
   2. .hg: Mercurial repository
   3. gpg-keys: the keys that can access the secrets and Mercurial Repository
2. A shell script will exist to make it easy to access the file
3. /usr/local/doc/humbug-secrets will NOT be part of the unencrypted
   backup, it WILL be part of the encrypted backup.
All of which sounds good to me.
Cheers,
Raymond