Metadata files (see: The Metadata Framework) may be encrypted with a single key.
This allows you to collaborate with others without sharing sensitive data directly (i.e. within your source control system).
The encryption process uses a symmetric block cipher,
The use of AES-256-ECB will become deprecated in a future release with an intended upgrade to AES-256-CBC. An upgrade path will be provided for already encrypted files.
Encryption is referred to as
To pack all your metadata files, invoke the following:
You will be prompted for a Metadata key, which will be used to encrypt your data.
Should you now investigate your
metadata directory, you will see that all your YAML files now have a
If any metadata YAML file already has a .enc counterpart, you will need to provide the same metadata key used to encrypt that file in order to pack all the others.
Commit only your .enc files to source control, and create a workflow around Packing & Unpacking.
Decryption is referred to as
To unpack all your metadata files, invoke the following:
You will be prompted for the same key as was used to Pack your metadata originally.
Should there be any differences between your .enc metadata files and their .yml counterparts during unpacking, you will prompted for confirmation before proceeding.
The .yml files would otherwise be overwritten with the decrypted contents.
To see the differences between your encrypted metadata and unpacked metadata, use the following command: