Roots Discourse

Keeping vault safe?

What are best practices for keeping the vault files/secrets in a Trellis repository safe?
git-crypt looks nice but it hadn’t been updated for some years now.

Use git hooks with Husky to prevent committing the unencrypted vault file.

Unfortunately a pre-receive hook is not available on GitHub.com. But you could still use a GitHub Action that would trigger an alert and do other things if unencrypted data is committed.

1 Like