Code of Conduct
Existing issues
Problem
Summary
I've implemented and validated git-crypt support in my fork and have been
using it locally — it works end-to-end with Claude.ai/code. Sharing it
here as a contribution in case it's useful to others.
Problem
career-ops stores genuinely sensitive data: salary targets, active
interview pipelines, negotiation positions, and full application history.
Running it with Claude Code cloud (Claude.ai/code) means the repo needs
to be accessible remotely, but committing this data in plaintext to any
remote — public or private — is an unnecessary risk, especially for users
on employer-managed GitHub accounts.
Proposed solution
Solution
git-crypt encrypts specific files so they're stored as opaque binary blobs
in git history, unreadable without the key, while Claude reads them
transparently once the repo is unlocked. A GIT_CRYPT_KEY environment
variable in Claude.ai/code project settings handles the unlock
automatically on session start.
What I added
.gitattributes — encryption patterns for personal files (cv.md,
config/profile.yml, data/, reports/, interview-prep/, tracker
TSVs); system files stay plaintext.cloud-setup.sh — session setup script: installs git-crypt, runs
npm install, unlocks repo via GIT_CRYPT_KEYCLAUDE.md — two new steps before the onboarding flow: git pull to
sync, and a git-crypt unlock check with a clear warning if the key is missingdocs/cloud-setup.md — end-user guide covering init, key export,
env var setup, verification, rotation, and troubleshooting
No breaking changes
Users who don't use git-crypt are completely unaffected. .gitattributes
only activates if git-crypt is initialized in the repo. The CLAUDE.md
steps gracefully skip if cv.md is already plaintext.
Happy to open a PR if this aligns with the project direction.
Area
Other
Code of Conduct
Existing issues
Problem
Summary
I've implemented and validated git-crypt support in my fork and have been
using it locally — it works end-to-end with Claude.ai/code. Sharing it
here as a contribution in case it's useful to others.
Problem
career-ops stores genuinely sensitive data: salary targets, active
interview pipelines, negotiation positions, and full application history.
Running it with Claude Code cloud (Claude.ai/code) means the repo needs
to be accessible remotely, but committing this data in plaintext to any
remote — public or private — is an unnecessary risk, especially for users
on employer-managed GitHub accounts.
Proposed solution
Solution
git-crypt encrypts specific files so they're stored as opaque binary blobs
in git history, unreadable without the key, while Claude reads them
transparently once the repo is unlocked. A
GIT_CRYPT_KEYenvironmentvariable in Claude.ai/code project settings handles the unlock
automatically on session start.
What I added
.gitattributes— encryption patterns for personal files (cv.md,config/profile.yml,data/,reports/,interview-prep/, trackerTSVs); system files stay plaintext
.cloud-setup.sh— session setup script: installs git-crypt, runsnpm install, unlocks repo viaGIT_CRYPT_KEYCLAUDE.md— two new steps before the onboarding flow: git pull tosync, and a git-crypt unlock check with a clear warning if the key is missing
docs/cloud-setup.md— end-user guide covering init, key export,env var setup, verification, rotation, and troubleshooting
No breaking changes
Users who don't use git-crypt are completely unaffected.
.gitattributesonly activates if git-crypt is initialized in the repo. The CLAUDE.md
steps gracefully skip if
cv.mdis already plaintext.Happy to open a PR if this aligns with the project direction.
Area
Other