Quick Start
Configure and enable GitLocker secure encryption for your Git repository in under 5 minutes.
This tutorial will guide you to configure and enable GitLocker strong encryption for your local Git repository in under 5 minutes.
Prerequisites
- Install Client: Ensure you have downloaded and installed the GitLocker client program, and that the
gitlcommand is added to your system environment variable PATH. - Initialize Git Repo: Enter your local project directory that needs to be encrypted:
cd /path/to/your/repo git init
Step 1: One-command Initialization
Run the init command at the root of your local repository:
gitl init
GitLocker will automatically perform the following initialization for you:
- Detect the current repository environment.
- Register GitLocker's
cleanandsmudgefilters, as well as the custommergedriver. - If using the Personal Provider, it will generate a highly random, strong symmetric master key in your local secure credential store.
- Generate the local encryption meta-configuration file
.gitlocker/config.json.
Step 2: Set Encryption Rules
Define the files or directories that require encryption protection using the encrypt command. This is similar to configuring .gitignore.
For example, if you want to encrypt the production config file and all files in the secrets directory:
gitl encrypt "config/production.json" "secrets/**"
After running this command:
- The rules will be automatically appended to the
.gitattributesfile at the root of the repository. - The configuration will look similar to:
config/production.json filter=gitl-filter diff=gitl-diff merge=gitl-merge secrets/** filter=gitl-filter diff=gitl-diff merge=gitl-merge
- You need to commit
.gitattributesto Git:git add .gitattributes git commit -m "Configure GitLocker encryption rules"
Step 3: Transparent Commit and Push
Now that the security boundary is established, in your subsequent work, you can run native Git commands as you normally would!
Add files and commit:
git add config/production.json secrets/api-key.env git commit -m "Secured database secrets"
When you run
git add/git commit, the GitLocker filter automatically intercepts these sensitive files in the staging area and converts them into strong AES-256-GCM ciphertext.Push to remote:
git push origin main
Everything saved on the remote server (such as GitHub) is thoroughly encrypted ciphertext. Anyone who accesses it unauthorized will only see random binary garbage!
Step 4: Local Checkout (Automatic Decryption)
When you (or other team members authorized with the key) pull or check out the code locally:
git checkout main
GitLocker's smudge filter automatically extracts the matching ciphertext upon checkout and transparently decrypts it in your physical workspace. Your editor and development environment will see completely normal plaintext code.
Quick start in 5 minutes completed! Now your Git repository is hardened with military-grade tamper resistance.