Using git-crypt in Azure Devops

Question

I am trying to install git-crypt and do git-crypt unlock ADO library securefile. I am unable to install git crypt in pipeline. Which is the idle place to install and decrypt files in ADO Pipeline. There is not much microsoft documents available regarding git-crypt.

Answer 1

What agent are you using to run the pipeline? Microsoft-hosted agents or self-hosted agents?

And what is the OS of the agent you are using? Ubuntu, macOS or Windows?

You can try the following command lines to install git-crypt:

• On Linux

  apt-get install -y git-crypt
  sudo apt-get install gnupg
  

• On macOS

  brew install git-crypt
  brew install gpg
  

• On windows

  git-crypt should build on Windows with MinGW, although the build system is not yet finalized so you will need to pass your own CXX, CXXFLAGS, and LDFLAGS variables to make.

Related articles as reference:

• git-crypt/INSTALL.md
• How to secure sensitive data with git-crypt

Answer 2

In my case we unlock with a private GPG key, that I store as a Library Secure File named gpgPrivateKey.

• The first task downloads this private key file.
• The second task installs dependencies, adds the GPG keyfile and run git-crypt unlock

- job: GitCryptUnlock
  steps:
    - task: DownloadSecureFile@1
      name: gpgPrivateKeyFile
      displayName: "Download GPG private key"
      inputs:
        secureFile: gpgPrivateKey
    - task: Bash@3
      displayName: "GitCrypt Unlock"
      inputs:
        targetType: "inline"
        script: |
          sudo apt-get update
          sudo apt-get install git-crypt gnupg
          gpg --batch --import $(gpgPrivateKeyFile.secureFilePath)
          git-crypt unlock