by Benjamin_Dobell 971 days ago
I've happily been using git-secret (https://sobolevn.me/git-secret/) for encrypting and committing non-critical (i.e. non-production) secrets for a while now. It sounds like Gittuf will do a lot more than git-secret, but for the use case of encrypted files specifically, are there any significant differences in the approach that Gittuf has taken?
At present, gittuf's access control policies are centered around _write_ permissions rather than _read_. That said, we want to re-use some of the same policy semantics to build _read_ permissions too. So, you'd use the same mechanism in the policy to determine who can read an object, by their signing key to share the key used to encrypt the secret. We've looked at git-secret, git-crypt, etc. a little and we'd like to integrate with existing tools where possible rather than build anew. With the alpha release coming up soon, we ought to have more time to develop the read permissions side of gittuf.