There should be a command to change the encryption secret on the fly:
# changes the encryption secret for all contexts (if not explicitly set in a custom context, see example below)
git secrets set global-secret <newSecretName>
# changes the encryption secret for a specific context
git secrets set global-secret <newSecretName> -c <contextName>
# scan in staged files
git secrets scan
# scan in all files added to the git repository (auto excludes git ignores)
git secrets scan -a
# scan and print each scanned filepath
git secrets scan -v
Note: when scanning, all available / accessible contexts should be used. If there is no access to a context, there should be a warning and its secrets are skipped.
The current commands like encode, decode, add-context, render (--add) are hard to remember and should be more generic:
# Encode a secret and add it to the config (interactive)
git-secrets set secret mySecretKey
# Encode a secret and add it to the config (via --value)
git-secrets set secret mySecretKey --value <plainValue>
# Set a config entry
git-secrets set config myConfigKey myConfigValue
# Set an encoder secret (interactive)
git-secrets set encoderSecret mySecretKey
# Set an encoder secret via --value
git-secrets set encoderSecret mySecretKey --value <plainValue>
# Get an encoder secret
git-secrets get encoderSecret mySecretKey
# Get a secret and decode it
git-secrets get secret mySecretKey
# Get a config entry
git-secrets get config myConfigKey
# Add context
git-secrets add context myContextName
# Add a file to render
git-secrets add file <fileIn> <fileOut>