§Key Management
This module handles encryption key storage, import, export, and lifecycle management.
§Key Storage
Keys are stored in the git repository’s internal directory:
- Default key path: .git/git-crypt/keys/default
- Format: Raw 32-byte binary data
- Permissions: 0600 on Unix (owner read/write only)
- Never committed: Keys stay in the .git/ directory
§Key Operations
- Generate: Create new random 256-bit key
- Save/Load: Persist keys to/from filesystem
- Export: Save key to file for sharing
- Import: Load key from shared file
§Security Considerations
- Keys are stored unencrypted in .git/git-crypt/
- File permissions are restricted to owner only (Unix)
- Exported key files must be shared securely
- Consider using GPG for team key distribution
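The storage and permission rules above (raw 32-byte key, mode 0600, owner only), as an added example that is not this crate's KeyManager code. The function names are hypothetical, and reading randomness from /dev/urandom is an assumption that holds on Unix only.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

const KEY_LEN: usize = 32; // raw 256-bit key, as described on this page

// Assumption: the OS CSPRNG is reachable as /dev/urandom (Unix only).
fn generate_key() -> io::Result<[u8; KEY_LEN]> {
    let mut key = [0u8; KEY_LEN];
    File::open("/dev/urandom")?.read_exact(&mut key)?;
    Ok(key)
}

// The mode is set at creation, so the file is never briefly readable by
// other users; create_new refuses to overwrite an existing key.
fn save_key(path: &Path, key: &[u8; KEY_LEN]) -> io::Result<()> {
    if let Some(dir) = path.parent() {
        fs::create_dir_all(dir)?;
    }
    let mut f = OpenOptions::new().write(true).create_new(true).mode(0o600).open(path)?;
    f.write_all(key)?;
    f.sync_all()
}

// Rejects key files that group/other can access or that are not 32 bytes.
// The mode is read from the open handle, not from the path, to avoid a race.
fn load_key(path: &Path) -> io::Result<[u8; KEY_LEN]> {
    let f = File::open(path)?;
    let mode = f.metadata()?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, "key file is accessible beyond its owner"));
    }
    let mut buf = Vec::new();
    f.take(KEY_LEN as u64 + 1).read_to_end(&mut buf)?; // bounded read
    if buf.len() != KEY_LEN {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "key must be exactly 32 bytes"));
    }
    let mut key = [0u8; KEY_LEN];
    key.copy_from_slice(&buf);
    Ok(key)
}

fn main() -> io::Result<()> {
    let root = std::env::temp_dir().join(format!("key-demo-{}", std::process::id()));
    let path = root.join("keys").join("default"); // constructed demo path
    save_key(&path, &generate_key()?)?;
    println!("loaded {} key bytes", load_key(&path)?.len());
    fs::remove_dir_all(&root)
}
```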
§Unit Tests
Run key management tests:
cargo test key::
Tests cover:
- Directory path resolution
- Initialization and duplicate detection
- Key generation and persistence
- Export and import workflows
- File permissions (Unix)
- Error handling for missing files
Structs§
- KeyManager: Key storage and management