From: Michael J Gruber <git@drmicha.warpmail.net>
To: Aneesh Bhasin <contact.aneesh@gmail.com>
Cc: tzz@lifelogs.com, git@vger.kernel.org
Subject: Re: can Git encrypt/decrypt .gpg on push/fetch?
Date: Fri, 09 Sep 2011 15:36:29 +0200
Message-ID: <4E6A165D.5010703@drmicha.warpmail.net>
In-Reply-To: <CAGhXAGSw3y=cjAHXtwycDifoBPr13AkYtLHRRXejRKue0vkz7A@mail.gmail.com>

Aneesh Bhasin venit, vidit, dixit 09.09.2011 12:50:
> Hi Ted,
>
>
> 2011/9/9 Ted Zlatanov <tzz@lifelogs.com>
>>
>> I need to store some encrypted files in Git but for some clients with
>> the right GPG keys, decrypt them on checkout (possibly also encrypt them
>> back on commit, but that's not as important).
>>
>> diff doesn't have to work, this is just for convenience. Can Git do
>> this (matching only .gpg files) or do I need my own command to run after
>> the checkout/fetch and before commit? It seems pretty out of Git's
>> scope but perhaps others have done this before.
>>
>
> Have you looked at git hooks (e.g. here : http://progit.org/book/ch7-3.html).
>
> You could do the encryption/decryption in pre-commit and post-checkout
> hooks scripts respectively...

I'd recommend textconv for diffing and clean/smudge for plaintext
checkout. That is, there are two convenient versions:

A) Keep blobs and checkout encrypted

- Use an editor which can encrypt/decrypt on the fly (e.g. vim)
- Use "*.gpg diff=gpg" in your attributes and

    [diff "gpg"]
        textconv = gpg -d

  in your config to have cleartext diffs. Use cachetextconv with caution ;)

B) Keep blobs encrypted, checkout decrypted

- Use "*.gpg filter=gpg" in your attributes and

    [filter "gpg"]
        smudge = gpg -d
        clean = gpg -e -r yourgpgkey

  in your config.

I use A on a regular basis. B is untested (but patterned after a similar
gzip filter I use). You may or may not have better results with "gpg -ea".

On clients without the keys, you can simply leave out the diff or filter
config resp. set them to "cat".

Michael
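
Added example, not part of the message above and not code from the Git project: in variant B the filter is defined in per-clone config, so a clone where it is absent or set to "cat" stages whatever bytes are in the working tree. The sketch below, which could be called from a pre-commit hook, lists staged *.gpg paths whose index blob does not start like "gpg -e" or "gpg -ea" output. The function names are hypothetical, and the check is a header heuristic, not a decryption test.

```sh
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# looks_like_pgp FILE
# Returns 0 if FILE begins like public-key-encrypted OpenPGP data:
#   - binary:  first octet is a Public-Key Encrypted Session Key packet
#              header (old format 0x84-0x87, new format 0xC1); none of
#              these can start valid UTF-8 text
#   - armored: first line is the "gpg -ea" armor header
# Heuristic only: it inspects the header, it does not try to decrypt.
looks_like_pgp() {
    first=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    case "$first" in
        84|85|86|87|c1)
            return 0 ;;
        2d)
            [ "$(head -n 1 "$1" | tr -d '\r\000')" = "-----BEGIN PGP MESSAGE-----" ] ;;
        *)
            return 1 ;;
    esac
}

# staged_plaintext_gpg
# Prints every added/copied/modified *.gpg path whose blob in the index
# (what a commit would record, after any clean filter ran) fails the
# check above. Run from inside the work tree. Paths with unusual
# characters would need the -z form of "git diff"; omitted for brevity.
staged_plaintext_gpg() {
    tmp=$(mktemp) || return 2
    git diff --cached --name-only --diff-filter=ACM -- '*.gpg' |
    while IFS= read -r path; do
        git cat-file blob ":$path" > "$tmp"
        looks_like_pgp "$tmp" || printf '%s\n' "$path"
    done
    rm -f "$tmp"
}

# In .git/hooks/pre-commit, after defining both functions:
#   bad=$(staged_plaintext_gpg)
#   [ -z "$bad" ] || { echo "unencrypted .gpg blobs staged:" >&2
#                      echo "$bad" >&2; exit 1; }
```

Hooks, like filter config, are local to each clone, so this check has to be installed wherever commits are made.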