I use GNU Stow to manage my dotfiles on worktations. I am basically using the methodology that Alex Pearce describes. A key difference is that my .dotfiles directory is actually a set of directories in this repository. Additionally, some of the dotfiles are stored here in encrypted form. They are made available to my session by having them mounted in decrypted form at login. Details below. The use of stow and gocryptfs is being phased out.

See Mac-Readme.md or Server-Readme.md or Cloud-Readme.md

• What are these weird unreadable blocks of text in some files?

  Some files are stored here in an encrypted form generated by either ansible-vault for gocryptfs.

  • To encrypt files with ansible-vault: ansible-vault encrypt <file>

  • To view files with ansible-vault: ansible-vault view <file>

  • To mount with gocryptfs: gocryptfs secure.encrypted secure # in the right directory This is being phased out.

• How do you use all these encrypted files then at install and run-time?

  Ansible knows how to unlock ansible-vaults when the playbook is run. The remaining files encrypted with gocryptfs are being phased out.

• Why are you hiding some of your dotfiles?

  My dotfiles are all present in this repo, but some are encrypted. This is because they contain metadata that I'd prefer not be published. If you're looking for dotfile examples, see the many fine repos at https://dotfiles.github.io

• I heared that you should never publish files that have sekrits in them, even if they are encrypted. Why are you doing this?

  While this may be true, I believe that the two different encryption schemes used in this repo (gocryptfs and ansible-vault) are well made. I have selected what I believe to be good phrases and taken appropriate key security. Additionally, the encrypted data contains metadata, such as hostnames that exist behind firewalls or non-obvious repository urls, which if exposed do not represent harm in the manner of a traditional sekrit.