Possible Duplicate:
git encrypt/decrypt remote repository files while push/pull
I'd like to store some private data in a git repository that is going out in the world, basically some private configuration, and so on. I'd like to (somehow) have the file encrypted either as I commit it, or as I push it (preferably the latter, because then I can do reasonable diffs against the text form), and also obviously the inverse.
Is this possible with git's hooks?
git-annex can use the git-lfs protocol to store files in such repositories, and with gcrypt, everything stored in the remote can be encrypted. (Remember to replace "$mykey" with the keyid of your gpg key.) This uses the git-lfs special remote, and the gcrypt:: prefix on the url makes pushes be encrypted with gcrypt.
git-secret encrypts files and stores them inside your git repository, providing a history of changes for every commit. git-secret doesn't require any extra deploy operations other than providing the appropriate private key (to allow decryption), and using git secret reveal to decrypt all the secret files.
Alternatively, you can export a symmetric secret key, which you must securely convey to collaborators (GPG is not required, and no files are added to your repository): git-crypt export-key /path/to/key After cloning a repository with encrypted files, unlock with with GPG: git-crypt unlock Or with a symmetric key: git- ...
One way of doing this is is to encrypt the objects as they're being staged, and decrypted on checkout. This is rather earlier than doing it solely on push
/ pull
, but might be useful to you.
The way to do this is to use git's "smudge" and "clean" filters, but it's not necessarily recommended for reasons that are explained here by Junio C Hamano, the maintainer of git:
If you still decide to go ahead, you may want to look at this implementation of encrypting/decrypting clean/smudge filters:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With