Encrypted Git remotes with git-remote-gcrypt

Posted on April 25, 2019 by Vi

The Problem

The problem I was facing lately was quite simple.
I use vimwiki to keep my notes organized. Now, I want to synchronize my notes with other devices, having them available wherever I might need them. Since vimWiki stores plaintext files in a folder, that sounds like a perfect job for git.
Now, I like to have my git-repos accessible from the internet. That leaves me with the problem of storing my personal notes in plaintext on a server in someone else’s datacenter.

The Solution

Searching allover the internet for a solution that doesn’t involve some extra sync-client (like a VeraCrypt-Container in a dropbox) and that doesn’t break the ability to cleanly solve conflicts between edits on different devices I found git-remote-gcrypt.
This nice little tool let’s you have pgp-encrypted git-remotes, which was exactly what I was looking for.


On Arch-Linux there is an AUR-package available, so no further explanation needed.
On other systems, just use the supplied install.sh -script as mentioned in the project’s readme. Since it’s written in POSIX -shell it should run on every modern OS without problems.


Setting up an encrypted remote

To add a git-remote as an encrypted one, just prefix it’s git-uri with gcrypt::, like this:

Setting up keys

In order for gcrypt to properly encrypt your data you should configure the proper keys in the local repository’s config. Here is an example:

This will make gcrypt encrypt the remote for the keys key1 and key2.

A word of warning

Since every push on the remote is effectively a force-push, make sure to always pull before you push!

Using a plain git-uri (like GitHub or similar do) to push-access your repository effectively transfers the whole repository-content on every push. For larger repo, consider to choose a server that supports rsync-transfer or similar.

First Impressions

I have been playing around with this tool for quite some time now, testing different use-cases. It definitely has it’s place on my toolbelt now.