Add git-crypt for encrypted backup of SSH keys and AWS credentials

[Copilot]

Dotfiles repositories need to preserve SSH keys and AWS credentials when moving between machines, but these secrets cannot be committed unencrypted.

Implementation

• Encryption: Added git-crypt with .gitattributes rules to transparently encrypt secrets/.ssh/** and secrets/.aws/** while keeping README files readable
• Directory structure: Created secrets/{.ssh,.aws}/ with template READMEs showing expected file layouts
• Documentation: Added setup guide covering GPG key initialization, symmetric key fallback, and restoration workflows

Usage

# One-time setup
brew install git-crypt
git-crypt init
git-crypt add-gpg-user YOUR_GPG_KEY_ID

# Copy secrets (auto-encrypted on commit)
cp ~/.ssh/id_* secrets/.ssh/
cp ~/.aws/{config,credentials} secrets/.aws/

# Restore on new machine
git-crypt unlock
stow -t ~/ secrets

Files in secrets/ directories are encrypted at rest in git and automatically decrypted when the repository is unlocked with a GPG or symmetric key.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Find a way to save secret files securely</issue_title>
<issue_description>Files like

• .aws/config
• .ssh/*
  ...</issue_description>

<agent_instructions>This repo is all about being able to move to another computer and preserving all my configuration. Find a way to "backup" ssh private keys and the aws config that contains secrets.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes Find a way to save secret files securely #4

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.