Web applications use secret keys to connect to lots of important external things like payment systems, emailers, and virtual machines. Committing these secret keys and other pieces of sensitive information in plaintext to a code repository is generally a Bad Idea™. Instead, developers .gitignore sensitive files, and manually put keys directly onto application servers.
That’s fine, until you need to collaborate with another developer who also needs those keys. Safe key sharing is a challenge we had at Dispel (and every other company we’d worked at). We asked around: people end up using a hodgepodge of tools with pretty variable security, anything from plaintext emails, chat messages, and files copied to USB sticks to PGP encryption and yellow sticky notes.
We thought about it for a while, and came up with Jak.
Jak lets you commit sensitive files into Git, but encrypts them for you as part of the commit hook so only encrypted versions end up in your repository. For the encryption, Jak also automatically generates, updates, and distributes encryption keys based upon whom you’ve given access to your repos. That way another developer can pull down your code and immediately get to work instead of waiting for keys to arrive.
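
The commit-hook idea above can be paired with a guard that refuses a commit when a protected file is staged without a ciphertext header. The following is an added example, not Jak's own code or file format; the protected-file patterns and the header marker are assumptions made for illustration.

```python
"""Pre-commit guard: block protected files that are staged in plaintext."""
import fnmatch
import os
import subprocess
import sys

# Assumptions for this example (not Jak's real configuration or file format):
PROTECTED = [".env", "*.pem", "config/secrets.yml"]  # files that must be encrypted
MARKER = b"-----BEGIN ENCRYPTED FILE-----"           # hypothetical ciphertext header

def is_protected(path, patterns=PROTECTED):
    """Match the full path or just the file name against the protected list."""
    name = path.rsplit("/", 1)[-1]
    return any(fnmatch.fnmatch(path, p) or fnmatch.fnmatch(name, p) for p in patterns)

def plaintext_offenders(staged, patterns=PROTECTED, marker=MARKER):
    """Return protected paths whose staged content lacks the ciphertext header."""
    return sorted(
        path for path, blob in staged.items()
        if is_protected(path, patterns) and not blob.lstrip().startswith(marker)
    )

def git(*args):
    """Run git and return stdout bytes, or None if git fails or is missing."""
    try:
        proc = subprocess.run(["git", *args], capture_output=True)
    except OSError:
        return None
    return proc.stdout if proc.returncode == 0 else None

def staged_blobs():
    """Read added/copied/modified/renamed files from the index, not the working tree."""
    listing = git("diff", "--cached", "--name-only", "-z", "--diff-filter=ACMR")
    paths = [os.fsdecode(p) for p in (listing or b"").split(b"\0") if p]
    # An unreadable blob becomes b"", so a protected path fails closed.
    return {p: git("show", ":" + p) or b"" for p in paths}

def main():
    offenders = plaintext_offenders(staged_blobs())
    for path in offenders:
        print(f"refusing to commit plaintext secret: {path}", file=sys.stderr)
    return 1 if offenders else 0

if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable `.git/hooks/pre-commit`, a non-zero exit aborts the commit; the check reads the staged blob because the index, not the working copy, is what ends up in the repository.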