Encrypting Files in Git

I've been doing plain-text accounting for about 8 months; so, I often find myself copying transactions out of my online bank statement and into a text editor. In an effort to improve this process, I wrote a script.

My script does several things:

  • Formats each transaction
  • Removes unneeded data, retail location IDs or POS-system tags
  • Labels common transactions with the correct labels

Usually I'd put a script like this in my dotfiles repo, but this time I wasn't so sure. The script includes the names of a few places (cities and stores) that I regularly visit, and my dotfiles repo is public. So I didn't want to commit this script for everyone to see. But I did need to share it across several of my machines.

My simple (and I do mean simple) solution was to use gpg to encrypt the file. If you're on MacOS like I am, you can install it via brew install gpg. Then, it's easy to encrypt the file:

> gpg -c my-script.js

You'll be asked to enter a password twice; I used 1Password to generate and store a secure password, and then pasted it in. The result is a new, encrypted file that you can commit. I added the main script to my .gitignore file to be safe:

my-script.js (gitignore this one)
my-scrupt.js.gpg (commit this one)

Then, on my other machine, I can decrypt it with this command:

> gpg my-script.js.gpg

This feels like a light-weight way to easily and securely version control scripts that I'd like to keep private.

A fun next step here would be to integrate the 1Password CLI, so maybe I'll try that soon.