# Hugo Encrypt `hugo-encrypt` is a golang port of [Hugo Encryptor](https://github.com/Li4n0/hugo_encryptor) `hugo-encrypt` is a tool that encrpyts content in your [Hugo](https://gohugo.io) posts. It uses AES-256-GCM to encrypt the contents of your posts, and inserts the necessary javascript code into the encrypted posts that decrypts the content after the correntc passphrase has been entered. ## Installation Environmental dependency: go 1.11+ **Step 1: Install hugo-encrypt.** $ go get github.com/Izumiko/hugo-encrypt **Step 2: Place `hugo-encrypt` in the root directory of your blog, or add `hugo-encrypt` to your `$PATH`** $ cp hugo-encrypt /path/to/your/blog/ or $ export PATH=/path/to/hugo-encrypt/:$PATH **Step 3: Place `shortcodes/hugo-encryptor.html` in the shortcode directory of your blog:** $ mkdir -p /path/to/your/blog/layouts/shortcodes $ cp shortcodes/hugo-encryptor.html /path/to/your/blog/layouts/shortcodes/hugo-encryptor.html **Step 4: Merge i18n translation files and/or add your own language.** $ cp -r i18n /path/to/your/blog/ ## Usage **Step 1: Use the `hugo-encryptor` tag around the text you want to encrypt ** ```markdown --- title: "This Is An Encrypted Post" --- {{< hugo-encryptor .Site.Params.Password >}} # You cannot see me unless you've got the passphrase! This is the content you want to encrypt! {{< /hugo-encryptor >}} ``` **Step 2: Generate your site as usual** It may be something like: $ hugo **Step 3: Get the encryption done** $ ./hugo-encrypt or (if added to PATH) $ hugo-encrypt Now all the private posts in your `public` directory are encrypted. ## Configuration Although `hugo-encrypt` works right out of the box, there are a few things that can be customized to your liking. . ### Language Use i18n to display content generated by `hugo-Encrypt` in the language of your choice by setting the following param in your config file. Make sure to set the Param `DefaultContentLanguage` and add the corresponding language file to the i18n folder. ```toml [params] DefaultContentLanguage = "en-us" ``` ### Password storage `hugo-encrypt` uses _localStorage_ by default. This means the passphrase is permanently stored in the browser. By adding the `hugoEncryptStorage` param in your blog's config file you can set the storage method to _sessionStorage_. ```toml [params] hugoEncryptStorage = "session" # or "local" ``` * **localStorage**: Once a visitor entered the correct passphrase the authorization status will not expire. The visitor can read the article until the passphrase has been changed or the browser cache is cleared. * **sessionStorage**: Once a visitor entered the correct passphrase the authorization will expire after the browser is closed. ## Attention * Remember to keep the source files of your encrypted posts private. Never push your blog directory into a public repository as the encryption happens after generating the html files with `hugo`. * Remember to run `hugo-encrypt` every time after generating your site with `hugo` to encrypt the posts you want to be passphrase-protected. You might want to use a shell script instead of `hugo` to take care of both generation and encryption of your html files: ```bash #!/bin/bash hugo hugo-encrypt ```