git-secret-reveal - decrypts all added files.
git secret reveal [-f] [-F] [-P] [-v] [-d dir] [-p password] [pathspec]...
git-secret-reveal - decrypts passed files, or all files considered secret by
Under the hood,
reveal uses the
gpg --decrypt command
and your private key (typically from your personal keyring in your
home directory) to decrypt files.
Therefore, for this operation to succeed, your personal keyring must contain a private key
matching one of the public keys which were used to encrypt the secrets –
i.e., one of the public keys in your repo’s
git-secret keyring when the file was encrypted.
-f - forces gpg to overwrite existing files without prompt. -F - forces reveal to continue even if a file fails to decrypt. -d - specifies `--homedir` option for the `gpg`, basically use this option if you store your keys in a custom location. -v - verbose, shows extra information. -p - specifies password for noinput mode, adds `--passphrase` option for `gpg`. -P - preserve permissions of encrypted file in unencrypted file. -h - shows help.
SECRETS_GPG_COMMANDchanges the default
gpgcommand to anything else
SECRETS_GPG_ARMORis a boolean to enable
--armormode to store secrets in text format over binary
SECRETS_DIRchanges the default
.gitsecret/folder to another name as documented at git-secret(7)
SECRETS_EXTENSIONchanges the default
SECRETS_VERBOSEchanges the output verbosity as documented at git-secret(7)
gpg --pinentrymode as documented at git-secret(7)
man git-secret-reveal to see this document.