=encoding utf8

=head1 Git::Crypt

Git::Crypt - Encrypt/decrypt sensitive files saved on public repos

=head1 SYNOPSIS

=head2 gitcrypt Command line tool
    
 gitcrypt help                    #show gitcrypt help
 gitcrypt init                    #initialize gitcrypt and its config
 gitcrypt set cipher Blowfish     #set a gitcrypt cipher
 gitcrypt set key   "some key"    #set a key
 gitcrypt set salt  "some key"    #set a salt
 gitcrypt change key "new key"    #change key
 gitcrypt change salt "a salt"    #change salt
 gitcrypt list                    #list files
 gitcrypt status                  #show status, files
 gitcrypt add file1-xy lib/file2  #add files in gitcrypt
 gitcrypt del file1-ab lib/tests  #del files in gitcrypt
 gitcrypt encrypt                 #set files on encrypted state
 gitcrypt encrypt file1 file2     #encrypt specific files
 gitcrypt decrypt                 #set files on decrypted state
 gitcrypt decrypt file1 file2     #decrypt specific files
 gitcrypt precommit               #encrypt for precommit hook. Then decrypt

=head2 git hooks integration

To integrate in git, use git hooks. Use pre-commit to encrypt and add the encrypted file for commit. And post-commit to keep files decrypted.

=head3 Standard git hooks

=head4 .git/hooks/pre-commit [with encrypt and decrypt]

Auto encrypt every file and set them for commit. The following script will be called upon 'git commit .' command.

 $ file=.git/hooks/pre-commit ; cat <<HOOK > $file && chmod +x $file
 #!/usr/bin/env perl
 `gitcrypt precommit`;
 exit 0;
 HOOK

If used gitcrypt precommit the files will be encrypted during commit and decrypted right after.

This mode works good if only some files are encrypted and others are always decrypted. But all must be encrypted for commit.

Another option, is to encrypt everything with "gitcrypt encrypt". And use a post-commit hook to decrypt everything [optional].

=head4 .git/hooks/pre-commit [encrypt only]

 $ file=.git/hooks/pre-commit ; cat <<HOOK > $file && chmod +x $file
 #!/usr/bin/env perl
 `gitcrypt encrypt`;
 exit 0;
 HOOK

=head4 .git/hooks/post-commit

Auto decrypt every file after commit executed. * If precommit hook uses gitcrypt precommit, then this is not necessary because "gitcrypt precommit" will decrypt files automatically. 

 $ file=.git/hooks/post-commit; cat <<HOOK > $file ; chmod +x $file
 #!/usr/bin/env perl
 `gitcrypt decrypt`;
 exit 0;
 HOOK

=head3 Using Git::Hooks

 $ f=.git/hooks/githooks.pl ; cat <<HOOKS > $f; chmod +x $f
 #!/usr/bin/env perl
 use Git::Hooks;
 PRE_COMMIT {
     my ($git) = @_;
     `gitcrypt precommit`;
 };
 run_hook($0, @ARGV);
 HOOKS

 $ cd .git/hooks; ln -s githooks.pl pre-commit

=head2 Provide the cipher instance

  my $gitcrypt = Git::Crypt->new(
      files => [
          {
              file => 'file1',
              is_encrypted => 0,
          },
          {
              file => 'file2',
              is_encrypted => 0,
          },
      ],
      cipher => Crypt::CBC->new(
          -key      => 'a very very very veeeeery very long key',
          -cipher   => 'Blowfish',
          -salt     => pack("H16", "very very very very loooong salt")
      )
  );

  #gitcrypt->add([qw| file1 file2 |]);
  #gitcrypt->del([qw| file1 file2 |]);
  #gitcrypt->list;
  #gitcrypt->key('some key');
  #gitcrypt->salt('some key');
  $gitcrypt->crypt;     #save files encrypted
  $gitcrypt->decrypt;   #save files decrypted

=head2 Provide key, salt and cipher name

  my $gitcrypt = Git::Crypt->new(
      files => [
          {
              file => 'file1',
              is_encrypted => 0,
          },
          {
              file => 'file2',
              is_encrypted => 0,
          },
      ],
      key         => 'a very very very veeeeery very long key',
      cipher_name => 'Blowfish',
      salt        => pack("H16", "very very very very loooong salt")
  );

  #gitcrypt->add([qw| file1 file2 |]);
  #gitcrypt->del([qw| file1 file2 |]);
  #gitcrypt->list;
  #gitcrypt->key('some key');
  #gitcrypt->salt('some key');
  $gitcrypt->crypt;     #save files encrypted
  $gitcrypt->decrypt;   #save files decrypted

=head1 DESCRIPTION

Git::Crypt can be used to encrypt files before a git commit. That way its possible to upload encrypted files to public repositories.
Git::Crypt encrypts line by line to prevent too many unnecessary diffs between encrypted commits.

=head1 Diff on encrypted lines

Since gitcrypt encrypts line by line, the diff can show wether its a big/small changes in commit.

 index b1202fc..6c2f3e6 100644
 --- a/lib/App/Crypted/CreditCard.pm
 +++ b/lib/App/Crypted/CreditCard.pm
 @@ -14,25 +14,29 @@ U2FsdGVkX19iyl3d3d3d3UjtB1nkCoDP
  U2FsdGVkX19iyl3d3d3d3T3HmAPM6gbK
  U2FsdGVkX19iyl3d3d3d3XVxkdxldN7U
  U2FsdGVkX19iyl3d3d3d3X49YqpLm/iZ+Y1xf1iU/BDvVc5ipe6ZgQ==
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 -U2FsdGVkX19iyl3d3d3d3Ut9C6nKtOzc
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
 +U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxgEmpWYlLzsk=
  U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rx2ego3EqSeUk=
  U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxsn4D6bxrGww=
  U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rxsn4D6bxrGww=
  U2FsdGVkX19iyl3d3d3d3Tz+ZxmSz/rx2ego3EqSeUk=
  U2FsdGVkX19iyl3d3d3d3T3HmAPM6gbK
  U2FsdGVkX19iyl3d3d3d3XVxkdxldN7U
 +U2FsdGVkX19iyl3d3d3d3T0XLptL7y1QEx/u7OaQVy2BZbX3SM7f2w==
 +U2FsdGVkX19iyl3d3d3d3erugupayFMCneYosuHZNbl3jV0GvJ1HDg==
 +U2FsdGVkX19iyl3d3d3d3T3HmAPM6gbK
 +U2FsdGVkX19iyl3d3d3d3XVxkdxldN7U
  U2FsdGVkX19iyl3d3d3d3X/cRzzeMPXS

=head1 AUTHOR

 Hernan Lopes
 CPAN ID: HERNAN
 perldelux
 hernanlopes@gmail.com
 http://www.perldelux.com

=head1 COPYRIGHT

This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.

The full text of the license can be found in the
LICENSE file included with this module.


=head1 SEE ALSO

perl(1).

=cut

1;