aboutsummaryrefslogtreecommitdiff
path: root/share/man/keyringer.1.mdwn
diff options
context:
space:
mode:
Diffstat (limited to 'share/man/keyringer.1.mdwn')
-rw-r--r--share/man/keyringer.1.mdwn8
1 files changed, 4 insertions, 4 deletions
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index 7e79b35..6b7915e 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -198,23 +198,23 @@ $KEYRING_FOLDER/config/options
Keyringer currently has the following limitations:
-* Metadata is not encrypted, meaning that an attacker with access to a keyringer
+1. Metadata is not encrypted, meaning that an attacker with access to a keyringer
repository knows all public key IDs are used for encryption and which secrets
are encrypted to which keys. This can be improved in the future by encrypting
the repository configuration with support for *--hidden-recipient* GnuPG
option.
-* History is not rewritten by default when secrets are removed from a keyringer
+2. History is not rewritten by default when secrets are removed from a keyringer
repository. After a secret is removed with *del* action, it will still be
available in the repository history even after a commit. This is by design
due to the following reasons:
- 1. It's the default behavior of the Git content tracker. Forcing the
+ - It's the default behavior of the Git content tracker. Forcing the
deletion by default could break the expected behavior and hence limit
the repository's backup features, which can be helpful is someone
mistakenly overwrites a secret.
- 2. History rewriting cannot be considered a security measure against the
+ - History rewriting cannot be considered a security measure against the
unauthorized access to a secret as it doesn't automatically update all
working copies of the repository.