git-secret-reveal
git-secret-reveal - decrypts all added files.
SYNOPSIS
git secret reveal [-f] [-F] [-P] [-v] [-d dir] [-p password] [pathspec]...
DESCRIPTION
git-secret-reveal
- decrypts passed files, or all files considered secret by git-secret
.
Under the hood, reveal
uses the gpg --decrypt
command
and your private key (typically from your personal keyring in your
home directory) to decrypt files.
Therefore, for this operation to succeed, your personal keyring must contain a private key
matching one of the public keys which were used to encrypt the secrets –
i.e., one of the public keys in your repo’s git-secret
keyring when the file was encrypted.
OPTIONS
-f - forces gpg to overwrite existing files without prompt.
-F - forces reveal to continue even if a file fails to decrypt.
-d - specifies `--homedir` option for the `gpg`, basically use this option if you store your keys in a custom location.
-v - verbose, shows extra information.
-p - specifies password for noinput mode, adds `--passphrase` option for `gpg`.
-P - preserve permissions of encrypted file in unencrypted file.
-h - shows help.
ENV VARIABLES
SECRETS_GPG_COMMAND
changes the defaultgpg
command to anything elseSECRETS_GPG_ARMOR
is a boolean to enable--armor
mode to store secrets in text format over binarySECRETS_DIR
changes the default.gitsecret/
folder to another name as documented at git-secret(7)SECRETS_EXTENSION
changes the default.secret
file extensionSECRETS_VERBOSE
changes the output verbosity as documented at git-secret(7)SECRETS_PINENTRY
changes thegpg --pinentry
mode as documented at git-secret(7)
MANUAL
Run man git-secret-reveal
to see this document.
SEE ALSO
git-secret-init(1), git-secret-cat(1), git-secret-tell(1), git-secret-add(1), git-secret-hide(1)