gitsign
age
gitsign | age | |
---|---|---|
10 | 214 | |
899 | 15,298 | |
0.7% | - | |
9.1 | 4.9 | |
3 days ago | 11 days ago | |
Go | Go | |
GNU General Public License v3.0 or later | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gitsign
-
Gittuf ā a security layer for Git using some concepts introduced by TUF
> does it also filter/escape ANSI Sequences in messages and author names?
Not at present! Do you have a link or so I could use to familiarize myself? I'm curious if it'd fall within gittuf's scope.
> does it block garbage collection?
Nope, it doesn't. That said, the repository will have more objects, gittuf tracks additional objects through custom refs in `refs/gittuf/`.
> how do you ensure that the developers are really the developers and there's no spoofing?
At present, gittuf policies use signing keys. It doesn't rely on the commit metadata for author and committer but rather the commit's signature. We support GPG and Sigstore's gitsign [0] right now, and we want to support other signing mechanisms like SSH keys as well.
[0] https://github.com/sigstore/gitsign
-
Signing Git Commits with Your SSH Key
You may want to check out https://github.com/sigstore/gitsign! You can generate ephemeral x509 code signing certs for free using Sigstore.
(disclosure: I'm a maintainer for gitsign)
-
A toolbox for a secure software supply chain
Def check out the gitsign project mentioned in the post: https://github.com/sigstore/gitsign
-
Enable Gitsign Today and Start Signing your Commits
Gitsign offers a keyless commit signing implementation based on OIDC, which is an identity layer built on top of the OAuth 2.0 framework. Gitsign supports verifying your identity either through GitHub, Microsoft, or a Google account.
-
SSH commit verification now supported
Shameless plug for the gitsign project in sigstore: https://github.com/sigstore/gitsign
This isn't supported by GitHub yet but we're hopefully working towards that too.
- sigstore/gitsign: Keyless Git signing using Sigstore
- Keyless Git signing with Sigstore!
-
Gitsign
We used to actually run an RFC3161 timestamp server in addition to the transparency log but recently turned it down because no one was using it. I'd like to bring it back for stuff like this.
https://github.com/sigstore/gitsign/issues/22
age
-
keepsecret.py: a simple way to encrypt secret files in your repository
age
- Age: A simple, modern and secure encryption tool
-
Joining ChatCraft.org
and echoing the result after converting to an age private key
-
What is the point of a public key fingerprint?
I like that https://github.com/FiloSottile/age has small public keys.
-
OpenPGP Forked into "LibrePGP" by GnuPG's Maintainer Werner Koch
> something fresh
It exists, it's called age..
Some random links
https://github.com/FiloSottile/age
https://www.reddit.com/r/crypto/comments/hr64hr/state_of_age...
https://github.com/FiloSottile/age/discussions/432
> (Acquiring keys, rotating keys, identifying compromised keys, and most importantly either reaches a large enough percentage of emails..
Oh nevermind, age doesn't do any of that. Indeed, it doesn't even do email https://github.com/FiloSottile/age/issues/93
-
An opinionated template for deploying a single k3s cluster with Ansible backed by Flux, SOPS, GitHub Actions, Renovate, Cilium, Cloudflare and more!
Encrypted secrets thanks to SOPS and Age
-
Prettier $20k Bounty was Claimed
I never heard of "Age" before this post. Thank you to share. If others are interested to learn more, here are two other interesting posts about Age:
https://github.com/FiloSottile/age/discussions/432
https://words.filippo.io/dispatches/age-authentication/
-
Cosmopolitan Third Edition
of all things I was able to resolve the issue via this github issue: https://github.com/FiloSottile/age/issues/370#issuecomment-1...
-
Would you trust a repository made like this to save your secrets?
Why keep something secret on a public repo? Is that not an oxymoron?
Also, Iām terms of encryption something like age[0] makes it much easier to not shoot yourself in the foot.
[0] https://github.com/FiloSottile/age
-
Looking For Encryption App
Why RSA specifically? For backups, I recommend Tarsnap. But if you really don't want to pay for encrypted cloud hosting, then check out age encryption.
What are some alternatives?
smimesign - An S/MIME signing utility for use with Git
sops - Simple and flexible tool for managing secrets
git-ts - Git TimeStamp Utility
Picocrypt - A very small, very simple, yet very secure encryption tool.
github - Just a place to track issues and feature requests that I have for github
rage - A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
SignTools - ā A free, self-hosted platform to sideload iOS apps without a computer
age-plugin-yubikey - YubiKey plugin for age
community - Public feedback discussions for: GitHub Mobile, GitHub Discussions, GitHub Codespaces, GitHub Sponsors, GitHub Issues and more!
minisign - A dead simple tool to sign files and verify digital signatures.
cargo-vet - supply-chain security for Rust
OpenKeychain - OpenKeychain is an OpenPGP implementation for Android.