git-crypt-hook

Decrypts git-crypt-encrypted sources as part of postUnpack.

userSetupScript runs after unpacking, so you have to use preUnpack to write the private key.

Example:

effects.mkEffect {
  src = lib.cleanSource ./.;
  inputs = [ effects.git-crypt-hook ];
  preUnpack = ''
    writeGPGKey git-crypt
  '';
  secretsMap.git-crypt = "default-gpg";
}

The src attribute must include:

  • the .git-crypt directory at the root

  • the .gitattributes files
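
If either item is missing from src, or the key was not written in time, the effect can end up working with ciphertext instead of the decrypted files. The following check is an added example, not part of hercules-ci-effects; the function names are hypothetical, and it assumes that git-crypt ciphertext starts with the 10-byte header "\0GITCRYPT\0" and that at least one .gitattributes file assigns filter=git-crypt. Run it on the unpacked source directory after the unpack phase:

```shell
# Added example, not part of hercules-ci-effects.
# git-crypt ciphertext starts with the 10 bytes "\0GITCRYPT\0".
GITCRYPT_MAGIC_HEX="00474954435259505400"

# is_git_crypt_ciphertext FILE: succeeds if FILE still carries that header.
is_git_crypt_ciphertext() {
  [ "$(od -An -v -tx1 -N 10 "$1" 2>/dev/null | tr -d ' \n')" = "$GITCRYPT_MAGIC_HEX" ]
}

# check_git_crypt_src DIR: prints each problem found, returns non-zero if any.
# The body runs in a subshell so its variables do not leak into the caller.
check_git_crypt_src() (
  dir=$1
  rc=0
  if [ ! -d "$dir/.git-crypt" ]; then
    echo "missing: .git-crypt at the root of src"
    rc=1
  fi
  # Assumption: at least one .gitattributes assigns the git-crypt filter.
  attrs=$(find "$dir" -type f -name .gitattributes \
            -exec grep -l 'filter=git-crypt' {} + 2>/dev/null) || true
  if [ -z "$attrs" ]; then
    echo "missing: .gitattributes with a filter=git-crypt entry"
    rc=1
  fi
  # Any file that still has the header was not decrypted.
  still=$(find "$dir" -type f -print | while IFS= read -r f; do
    if is_git_crypt_ciphertext "$f"; then
      echo "still encrypted: ${f#"$dir"/}"
    fi
  done)
  if [ -n "$still" ]; then
    echo "$still"
    rc=1
  fi
  [ "$rc" -eq 0 ]
)
```

A non-zero return stops the effect before anything reads a file that is still encrypted.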
