Get startedSign in

Sharing Your Git Repositories

How to securely share a Plural workspace and Git repository with a collaborator.

Plural reimplements git-crypt in its management of secret data within git. This provides transparent file access to users with the repo's AES key, along with full support for tooling like local diffs, while still providing full obfuscation of secret data when pushed to remote.

The encryption key is automatically generated by Plural and stored in Plural's config directory ~/.plural. We provide commands for importing/exporting the key, as well as a mechanism for sharing the repo with multiple users using the successor to PGP, age.

Sharing a Plural Git Repository

Register a public key

To register a key for your current machine, run:

plural crypto setup-keys --name <name-for-key-pair>

This will generate a new keypair and automatically register the public key with the Plural API. You should be able to see it listed here in our web app and the keypair will be stored in ~/.plural/identity.

If the user has not set up their plural cli yet, they'll need to run plural login to set up a local access token for your cli and other config files before running plural crypto setup-keys.

Share the repository

To share a repo, use the following command:

plural crypto share --email <email1> --email <email2>
Info:

--email refers to a user's email associated with their Plural account

This will do a few things:

  • create a base identity to encrypt the repo's current AES key and store it in a git-ignored place under ${REPO_ROOT}/.plural-crypt.
  • register all the users who have access in a yaml file under ${REPO_ROOT}/.plural-crypt
  • encrypt the file using all this information and store it under ${REPO_ROOT}/.plural-crypt

If you have the Plural Console deployed, run:

plural build --only console
plural deploy
git add . && git commit -m "set up encryption"
git push

Decrypt the repository

There are two ways the person you shared encryption can decrypt the repository. The simplest is to use the plural clone command:

plural clone git@github.com:your/repository.git

This will both run a standard git clone and then the following commands:

plural crypto init
plural crypto unlock

If you chose to run a standard `git clone``, the above commands would still be required.

Edit on Github