public
/
docs
5
0
Fork 0
Code Issues 9 Pull Requests 3 Packages Projects Releases Wiki Activity
docs/quorum-vault-system/src/component-documents/git-repository-initializati...

1.0 KiB
Raw Blame History

/* ANCHOR: all */

Git Repository Initialization

This document explains how a git repository should be set up in order to guarantee authenticity and non-repudiation of data.

Git is used because it permits cryptographic singing of commits using PGP, as well as historical changes to a set of data.

Procedure: Setting up Repository

// ANCHOR: procedure

  1. Create a git repository using a git system such as Forjego, GitLab, GitHub etc.

  2. Set appropriate permissions to limit who can write to the repository.

    • main branch should be write protected so that merges to that branch can only be done if at least 2 approvals are present

      • The organization may choose to require more approvals based on risk tolerance and operational capacity

    • The merges should be done via CLI signed commits

    • Require that all commits are signed using well known PGP keys

  3. Optionally set up a chron job that periodically pulls the data from the repository as a backup. // ANCHOR_END: procedure /* ANCHOR_END: all */