From: Ted Zlatanov <tzz@lifelogs•com>
To: Michael J Gruber <git@drmicha•warpmail.net>
Cc: Aneesh Bhasin <contact.aneesh@gmail•com>, <git@vger•kernel.org>
Subject: Re: can Git encrypt/decrypt .gpg on push/fetch?
Date: Fri, 9 Sep 2011 08:52:21 -0500
Message-ID: <87ehzpvn56.fsf@lifelogs.com>
In-Reply-To: <4E6A165D.5010703@drmicha.warpmail.net> (Michael J. Gruber's message of "Fri, 09 Sep 2011 15:36:29 +0200")
On Fri, 09 Sep 2011 15:36:29 +0200 Michael J Gruber <git@drmicha•warpmail.net> wrote:
MJG> Aneesh Bhasin venit, vidit, dixit 09.09.2011 12:50:
>> Hi Ted,
>>
>>
>> 2011/9/9 Ted Zlatanov <tzz@lifelogs•com>
>>>
>>> I need to store some encrypted files in Git but for some clients with
>>> the right GPG keys, decrypt them on checkout (possibly also encrypt them
>>> back on commit, but that's not as important).
>>>
>>> diff doesn't have to work, this is just for convenience. Can Git do
>>> this (matching only .gpg files) or do I need my own command to run after
>>> the checkout/fetch and before commit? It seems pretty out of Git's
>>> scope but perhaps others have done this before.
>>>
>>
>> Have you looked at git hooks (e.g. here : http://progit.org/book/ch7-3.html).
>>
>> You could do the encryption/decryption in pre-commit and post-checkout
>> hooks scripts respectively...
MJG> I'd recommend textconv for diffing and clean/smudge for plaintext
MJG> checkout. That is, there are two convenient versions:

MJG> A) Keep blobs and checkout encrypted
MJG> - Use an editor which can encrypt/decrypt on the fly (e.g. vim)
MJG> - Use "*.gpg diff=gpg" in your attributes and
MJG>     [diff "gpg"]
MJG>         textconv = gpg -d
MJG>   in your config to have cleartext diffs. Use cachetextconv with caution ;)

MJG> B) Keep blobs encrypted, checkout decrypted
MJG> - Use "*.gpg filter=gpg" in your attributes and
MJG>     [filter "gpg"]
MJG>         smudge = gpg -d
MJG>         clean = gpg -e -r yourgpgkey
MJG>   in your config.

MJG> I use A on a regular basis. B is untested (but patterned after a similar
MJG> gzip filter I use). You may or may not have better results with "gpg -ea".

MJG> On clients without the keys, you can simply leave out the diff or filter
MJG> config resp. set them to "cat".
That's really helpful, thank you Aneesh and Michael. Exactly what I was
hoping to achieve.
Ted
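
Added example, not part of the original thread: the filter wiring of option B from the quoted message, exercised end to end with rot13 standing in for gpg so it runs without any key. The repository location, the file secret.gpg and its contents are constructed for the demonstration; a real setup would use the gpg commands given in the message.

```sh
#!/bin/sh
# Added example: option B's clean/smudge wiring with a stand-in cipher.
# rot13 replaces gpg so no key is needed; it is its own inverse and, unlike
# "gpg -e", deterministic. All file names and contents here are constructed.
ROT13="tr 'A-Za-z' 'N-ZA-Mn-za-m'"

setup_repo() {                      # $1 = directory for the demo repository
    git init -q "$1" && cd "$1" || return 1
    git config user.name demo
    git config user.email demo@example.invalid
    git config filter.gpg.clean  "$ROT13"   # real setup: gpg -e -r yourgpgkey
    git config filter.gpg.smudge "$ROT13"   # real setup: gpg -d
    echo '*.gpg filter=gpg' > .gitattributes
    echo 'hunter2 is the password' > secret.gpg
    git add .gitattributes secret.gpg && git commit -q -m 'add secret'
}

# What the object store (and therefore any remote) holds: clean-filter output.
stored_blob() { git cat-file -p HEAD:secret.gpg; }

# Fresh checkout on a client that has the filter configured: smudged plaintext.
with_filter() {
    rm -f secret.gpg && git checkout -q -- secret.gpg && cat secret.gpg
}

# Client without the key: filter set to "cat", as the quoted message suggests.
without_key() {
    rm -f secret.gpg &&
    git -c filter.gpg.smudge=cat checkout -q -- secret.gpg && cat secret.gpg
}

demo_dir=$(mktemp -d) && setup_repo "$demo_dir/repo" || exit 1
echo "stored blob : $(stored_blob)"
echo "with filter : $(with_filter)"
echo "without key : $(without_key)"
```

The filter lives in each clone's own config, not in the repository, so every client that should see plaintext has to set it up locally.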