Sharing Your Git Repositories
How to securely share a Plural workspace and Git repository with a collaborator.
Plural reimplements git-crypt in its management of secret data within git. This provides transparent file access to users with the repo's AES key, along with full support for tooling like local diffs, while still providing full obfuscation of secret data when pushed to remote.
The encryption key is automatically generated by Plural and stored in Plural's config directory
~/.plural. We provide commands for importing/exporting the key, as well as a mechanism for sharing the repo with multiple users using the successor to PGP, age.
To register a key for your current machine, run:
plural crypto setup-keys --name <name-for-key-pair>
This will generate a new keypair and automatically register the public key with the Plural API. You should be able to see it listed here in our web app and the keypair will be stored in
If the user has not set up their plural cli yet, they'll need to run
plural login to set up a local access token for your cli and other config files before running
plural crypto setup-keys.
To share a repo, use the following command:
plural crypto share --email <email1> --email <email2>
This will do a few things:
- create a base identity to encrypt the repo's current AES key and store it in a git-ignored place under
- register all the users who have access in a yaml file under
- encrypt the file using all this information and store it under
If you have the Plural Console deployed, run:
plural build --only console plural deploy git add . && git commit -m "set up encryption" git push
There are two ways the person you shared encryption can decrypt the repository. The simplest is to use the
plural clone command:
plural clone firstname.lastname@example.org:your/repository.git
This will both run a standard git clone and then the following commands:
plural crypto init plural crypto unlock
If you chose to run a standard `git clone``, the above commands would still be required.