mirror of
https://github.com/gopasspw/gopass.git
synced 2025-12-08 19:24:54 +00:00
882d06e001
* feat: Add cryptfs storage backend for filename encryption This commit introduces a new storage backend called `cryptfs`. This backend encrypts the filenames of secrets to enhance privacy while maintaining compatibility with existing VCS backends like Git. Key features: - For each secret, a cryptographically secure hash (SHA-256) of its name is generated and used as the filename for the underlying storage. - A mapping from the original secret name to the hashed filename is maintained in an encrypted file (`.gopass-mapping.age`) within the repository. - The mapping file is encrypted using the `age` encryption backend, with recipients read from the store's `.age-recipients` file. - The `cryptfs` backend is implemented as a wrapper around any existing storage backend (e.g., `gitfs`, `fs`), which can be configured by the user. - The backend is registered with gopass and can be enabled by setting `storage: cryptfs` in the store's configuration. This implementation addresses issue #2634. * [fix] Fix lint errors Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org> * [chore] Fix the remaining tests and add some docs. Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org> --------- Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org> Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
6 lines
386 B
Markdown
6 lines
386 B
Markdown
# cryptfs storage backend
|
|
|
|
The `cryptfs` backend is an experimental storage backend **PREVIEW**. It hashes secret names and stores the mapping from names to actual file inside an `age` encrypted lookup table. The filesystem backing this storage backend is flexible, but by default uses `gitfs`.
|
|
|
|
**WARNING**: Do not use unless you want to contribute to the development of this backend!
|