From: Michael J Gruber <git@drmicha.warpmail.net>
To: Aneesh Bhasin <contact.aneesh@gmail.com>
Cc: tzz@lifelogs.com, git@vger.kernel.org
Subject: Re: can Git encrypt/decrypt .gpg on push/fetch?
Date: Fri, 09 Sep 2011 15:36:29 +0200
Message-ID: <4E6A165D.5010703@drmicha.warpmail.net>
In-Reply-To: <CAGhXAGSw3y=cjAHXtwycDifoBPr13AkYtLHRRXejRKue0vkz7A@mail.gmail.com>

Aneesh Bhasin venit, vidit, dixit 09.09.2011 12:50:
> Hi Ted,
>
>
> 2011/9/9 Ted Zlatanov <tzz@lifelogs.com>
>>
>> I need to store some encrypted files in Git but for some clients with
>> the right GPG keys, decrypt them on checkout (possibly also encrypt them
>> back on commit, but that's not as important).
>>
>> diff doesn't have to work, this is just for convenience. Can Git do
>> this (matching only .gpg files) or do I need my own command to run after
>> the checkout/fetch and before commit? It seems pretty out of Git's
>> scope but perhaps others have done this before.
>>
>
> Have you looked at git hooks (e.g. here : http://progit.org/book/ch7-3.html).
>
> You could do the encryption/decryption in pre-commit and post-checkout
> hooks scripts respectively...

I'd recommend textconv for diffing and clean/smudge for plaintext
checkout. That is, there are two convenient versions:

A) Keep blobs and checkout encrypted

- Use an editor which can encrypt/decrypt on the fly (e.g. vim)
- Use "*.gpg diff=gpg" in your attributes and

	[diff "gpg"]
		textconv = gpg -d

  in your config to have cleartext diffs. Use cachetextconv with caution ;)

B) Keep blobs encrypted, checkout decrypted

- Use "*.gpg filter=gpg" in your attributes and

	[filter "gpg"]
		smudge = gpg -d
		clean = gpg -e -r yourgpgkey

  in your config.

I use A on a regular basis. B is untested (but patterned after a similar
gzip filter I use). You may or may not have better results with "gpg -ea".

On clients without the keys, you can simply leave out the diff or filter
config resp. set them to "cat".

Michael
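
A check that pairs with option B, added here as an example and not part of Michael's message or of Git: with the filter config left out (as suggested for clients without keys), a plaintext file named *.gpg is staged as-is, so this inspects the staged blobs and reports any that are not OpenPGP data. The function names and the first-bytes heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): detect *.gpg files staged as plaintext.

# Hex of the ASCII-armor header that "gpg -ea" output starts with.
ARMOR_HEX=$(printf '%s' '-----BEGIN PGP MESSAGE-----' | od -An -v -tx1 | tr -d ' \n')

# Succeeds when stdin begins like the output of "gpg -e" or "gpg -ea".
# Heuristic: armor header, or a binary header octet for packet tag 1
# (Public-Key Encrypted Session Key): old format 0x84-0x87, new format 0xc1.
looks_like_openpgp() {
    head_hex=$(od -An -v -tx1 -N 27 | tr -d ' \n')
    if [ "$head_hex" = "$ARMOR_HEX" ]; then
        return 0
    fi
    case "$head_hex" in
        84*|85*|86*|87*|c1*) return 0 ;;
    esac
    return 1
}

# Prints every staged path matching *.gpg whose index blob is not OpenPGP data.
# Reads the blob from the index (":path"), i.e. what the clean filter produced.
unencrypted_gpg_paths() {
    git ls-files -- '*.gpg' | while IFS= read -r path; do
        git cat-file blob ":$path" | looks_like_openpgp || printf '%s\n' "$path"
    done
}

# Hypothetical pre-commit entry point: fail if anything would be stored in clear.
precommit_check() {
    bad=$(unencrypted_gpg_paths)
    if [ -n "$bad" ]; then
        printf 'not OpenPGP data, refusing to commit:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}
```

To use it, source these functions from .git/hooks/pre-commit and end the hook with `precommit_check`.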