From: Ted Zlatanov <tzz@lifelogs.com>
To: Michael J Gruber <git@drmicha.warpmail.net>
Cc: Aneesh Bhasin <contact.aneesh@gmail.com>, <git@vger.kernel.org>
Subject: Re: can Git encrypt/decrypt .gpg on push/fetch?
Date: Fri, 9 Sep 2011 08:52:21 -0500
Message-ID: <87ehzpvn56.fsf@lifelogs.com>
In-Reply-To: <4E6A165D.5010703@drmicha.warpmail.net> (Michael J. Gruber's message of "Fri, 09 Sep 2011 15:36:29 +0200")

On Fri, 09 Sep 2011 15:36:29 +0200 Michael J Gruber <git@drmicha.warpmail.net> wrote: 

MJG> Aneesh Bhasin venit, vidit, dixit 09.09.2011 12:50:
>> Hi Ted,
>> 
>> 
>> 2011/9/9 Ted Zlatanov <tzz@lifelogs.com>
>>> 
>>> I need to store some encrypted files in Git but for some clients with
>>> the right GPG keys, decrypt them on checkout (possibly also encrypt them
>>> back on commit, but that's not as important).
>>> 
>>> diff doesn't have to work, this is just for convenience.  Can Git do
>>> this (matching only .gpg files) or do I need my own command to run after
>>> the checkout/fetch and before commit?  It seems pretty out of Git's
>>> scope but perhaps others have done this before.
>>> 
>> 
>> Have you looked at git hooks (e.g. here : http://progit.org/book/ch7-3.html).
>> 
>> You could do the encryption/decryption in pre-commit and post-checkout
>> hook scripts respectively...

MJG> I'd recommend textconv for diffing and clean/smudge for plaintext
MJG> checkout. That is, there are two convenient versions:

MJG> A) Keep blobs and checkout encrypted
MJG> - Use an editor which can encrypt/decrypt on the fly (e.g. vim)
MJG> - Use "*.gpg diff=gpg" in your attributes and
MJG> [diff "gpg"]
MJG>         textconv = gpg -d
MJG>   in your config to have cleartext diffs. Use cachetextconv with caution ;)

MJG> B) Keep blobs encrypted, checkout decrypted
MJG> - Use "*.gpg filter=gpg" in your attributes and
MJG> [filter "gpg"]
MJG> 	smudge = gpg -d
MJG> 	clean = gpg -e -r yourgpgkey
MJG>   in your config.

MJG> I use A on a regular basis. B is untested (but patterned after a similar
MJG> gzip filter I use). You may or may not have better results with "gpg -ea".

MJG> On clients without the keys, you can simply leave out the diff or filter
MJG> config resp. set them to "cat".

That's really helpful, thank you Aneesh and Michael.  Exactly what I was
hoping to achieve.

Ted
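
The following is an added example, not part of the original messages: a pre-commit hook for option B that refuses to commit a staged *.gpg path whose index blob is not OpenPGP data, which is what happens when a clone has the attribute but no clean filter configured. The function names is_openpgp and check_staged_gpg are hypothetical, and the binary check assumes public-key encryption as in "gpg -e -r yourgpgkey".

```shell
#!/bin/sh
# Added example (not from the thread): pre-commit guard for option B.
# is_openpgp and check_staged_gpg are hypothetical names.

# Succeeds if stdin starts like "gpg -e" or "gpg -ea" output.
# Header heuristic only; it does not try to decrypt anything.
is_openpgp() {
    prefix_hex=$(head -c 27 | od -An -v -tx1 | tr -d ' \n')
    armor_hex=$(printf '%s' '-----BEGIN PGP MESSAGE-----' |
        od -An -v -tx1 | tr -d ' \n')
    # ASCII armor, as written by "gpg -ea".
    [ "$prefix_hex" = "$armor_hex" ] && return 0
    # Binary "gpg -e": first packet is a public-key encrypted session key
    # (tag 1), header byte 0x84-0x86 (old format) or 0xc1 (new format).
    case "$prefix_hex" in
        84*|85*|86*|c1*) return 0 ;;
    esac
    return 1
}

# Lists staged *.gpg paths whose index blob (the content after the clean
# filter ran) is not OpenPGP data, and fails if there are any.
check_staged_gpg() {
    bad=$(git diff --cached --name-only --diff-filter=ACM -- '*.gpg' |
        while IFS= read -r path; do
            git cat-file blob ":$path" | is_openpgp || printf '%s\n' "$path"
        done)
    [ -z "$bad" ] && return 0
    printf 'staged without encryption (is filter.gpg.clean set?):\n%s\n' "$bad" >&2
    return 1
}

# Run the check only when installed as .git/hooks/pre-commit.
if [ "${0##*/}" = pre-commit ]; then
    check_staged_gpg || exit 1
fi
```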
