apply encryption retroactively with filter-branch

[Aeon]

Would be nice to have an option in git-crypt to allow one to encrypt the protected files retroactively starting from beginning of time. This would rewrite all history, so would have to be done with care, but would be quite useful when doing an initial public release of a private repository.

Is this possible to do manually?

[AGWA]

This is a good idea. At a high level, first you'd use filter-branch to add the gitattributes file to all previous commits. Then you'd need to apply the clean filter retroactively, which looks pretty simple according to this:

http://stackoverflow.com/questions/14371358/git-filter-branch-index-filter-re-apply-clean-filter

There are probably some edge cases to consider though. Implementation-wise, I think this would make the most sense as a script distributed alongside git-crypt rather than in the git-crypt program itself.

I'll give this some thought and maybe play around with it in the next few days. It might be a while before I can fully tackle it though.

[nanodust]

new to git-crypt. seems to work well... assuming it's a new repo :) this feature would still be quite useful.

[sean9999]

love the idea and agree with author that it should be a separate script. i'll whip one up in bash

[sebastianst]

so anyone has a git filter-branch recipe on how to do this gracefully? I'd love to see this added as a subcommand to git-crypt or as a separately shipped script.

[ioquatix]

Good idea, took me like an hour to figure out how to do it and it was a nightmare to get it working.. rebasing etc

[johansja]

Any step to step guide on how to do this?

[axelcostaspena]

Although the procedure seems more or less easy, using filter-branch for adding the gitattributes from the beggining of the project and filter-branch all descendant commits, it seems that when the repo is big it always re-decrypt the files at several intermediate commits :(