docs: Update git-crypt key management instructions and pre-commit check

Matteo Cherubini 2026-05-09 11:34:20 +02:00
parent f8f950fd7a
commit 4ed7b8edd0
3 changed files with 24 additions and 7 deletions


@ -16,7 +16,7 @@ gcrypt_export_key() {
mkdir -p "${KEYS_DIR}"
git-crypt export-key "$key_path"
success "Symmetric key exported to: $key_path"
warn "Action required: Store this key in Vaultwarden and remove it from local disk."
warn "Action required: store this key in Vaultwarden and delete it from disk."
}
gcrypt_verify() {
@ -162,9 +162,16 @@ gcrypt_print_key_instructions() {
echo " Name: \"${genome_name} key\""
echo " Note: <paste the base64 string>"
echo ""
echo " 3. For AI Server / Runtime Injection:"
echo " export BW_SESSION=\$(bw unlock --raw)"
echo " 3. Delete from disk:"
echo " rm ${KEYS_DIR}/${genome_name}.key"
echo ""
echo " 4. Runtime injection on AI server (no key on disk):"
echo " bw config server ${v_url}"
echo " export BW_SESSION=\$(bw unlock --passwordenv BW_MASTER_PASSWORD --raw)"
echo " git-crypt unlock <(bw get notes \"${genome_name} key\" --session \"\$BW_SESSION\" | base64 -d)"
echo ""
echo " NOTE: use 'bw' (standard Bitwarden CLI), NOT 'bws'."
echo " 'bws' is the Secrets Manager CLI and does not work with Vaultwarden."
}
gcrypt_print_runtime_model() {
@ -181,13 +188,13 @@ gcrypt_print_runtime_model() {
echo " smudge filter. Obsidian reads them as normal Markdown."
echo ""
echo " On the AI VM:"
echo " Same as laptop when unlocked. Use runtime injection (step 5"
echo " above) so the key is never written to disk."
echo " Same as laptop when unlocked. Use runtime injection so the"
echo " key is never written to disk."
echo ""
echo " Limitation:"
echo " Encryption does NOT protect against a full server compromise"
echo " where an attacker has root access to a machine where the repo"
echo " is already unlocked. Runtime injection mitigates this."
echo " where an attacker has root access to an already-unlocked repo."
echo " Runtime injection mitigates this risk."
echo " ─────────────────────────────────────────────────────────────"
echo ""
}
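Review bot: The "no key on disk" wording in step 4 of gcrypt_print_key_instructions (hunk at `@ -162,9 +162,16`) and "Runtime injection mitigates this risk" in gcrypt_print_runtime_model overstate what the process-substitution trick buys: `git-crypt unlock` copies whatever key it is handed into `.git/git-crypt/keys/default` so the clean/smudge filters can use it, and that file stays there until `git-crypt lock` is run, so a root attacker on an already-unlocked host still gets both the plaintext working tree and the key. Runtime injection only avoids the second copy under `${KEYS_DIR}`; I'd add a lock step after the unlock line, `echo "     git-crypt lock   # removes .git/git-crypt/keys/default when the session ends"`, and reword the limitation to something like `echo "     Runtime injection avoids a second key copy on disk; it does not protect an unlocked repo."`. Separately, `--passwordenv BW_MASTER_PASSWORD` places the master password in the process environment, which other processes of the same user can read (and it lingers in the shell if exported); where a TTY is available, a plain interactive `bw unlock --raw` avoids that, and the exported `BW_SESSION` should likewise be unset once the unlock is done. Please verify the key-storage behaviour against the git-crypt version in use.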


@ -38,6 +38,9 @@ current prompt, you MUST operate in `disabled` mode. Never infer or assume the v
- **Never leak private synthesis into public `wiki/concepts/` or `wiki/sources/`.**
- Prefix every response that draws on private data with: `[PRIVATE DATA INCLUDED]`
### Pre-commit failures:
If a commit is rejected by the pre-commit hook with a **"PLAINTEXT LEAK DETECTED"** warning, **DO NOT** attempt to bypass it with `--no-verify`. Stop the session and ask the operator to verify the encryption state and `.gitattributes`.
### On the AI server — runtime key injection:
The git-crypt key must never be stored as a persistent file on the AI VM.
```bash


@ -10,6 +10,13 @@ set -euo pipefail
PRIVATE_PATTERNS=("raw/private/" "wiki/private/")
FAILED=0
# Check on git-crypt
if [[ ! -d ".git-crypt" ]]; then
echo -e "\n\033[0;31m[CRITICAL] git-crypt is not initialized in this repository.\033[0m"
echo "Run 'git-crypt init' and 'make setup' before committing."
exit 1
fi
# Get staged files (excluding deletions)
STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM 2>/dev/null || true)
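Review bot: The new guard `[[ ! -d ".git-crypt" ]]` tests the tracked worktree directory that git-crypt creates for GPG collaborators (`add-gpg-user`), not this clone's unlock state: with the symmetric export-key/Vaultwarden flow the rest of this commit documents, that directory may never exist (so every commit would be rejected), and if it is committed its presence says nothing about whether the repository is currently unlocked. The state a plaintext-leak check actually cares about is the key material `git-crypt unlock` writes and `git-crypt lock` removes, so I'd test that instead, e.g. `if [[ ! -f "$(git rev-parse --git-dir)/git-crypt/keys/default" ]]; then` (`rev-parse --git-dir` also keeps this correct in linked worktrees). The advice in the error message should say `git-crypt unlock <key>` rather than `git-crypt init`, since `init` on an already-encrypted clone generates a fresh, unrelated key and would silently commit files under it. Please confirm the key path against the git-crypt version you ship; the hunk's trailing context may continue past the visible lines.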