
Add git hooks

Open agowa opened this issue 3 years ago • 2 comments

Please add git hooks via smudge and clean as well as textconv to allow working with the secret files within git.

Also having the decrypted files ignored by git entirely is bad because that way a git clean can unintentionally remove changes. Also a git diff won't show that the file changed and one can easily lose important work.

I'd recommend to git ignore the *.secret files and use git filters to do the encryption upon commit and checkout.

agowa, Jan 09 '22 03:01

This seems like a major change in how git-secret operates, and will confuse long-time users. Also I'm loath to force use of git filters.

git diff not being able to show changes in unencrypted files is by design, otherwise git would have to know the contents of the decrypted files. (Edit: ticket closed by mistake, reopened in case @sobolevn or others have input)

joshrabinowitz, Mar 21 '22 15:03

FYI, for git diff to work you don't need to check in unencrypted files. All it needs is a textconv filter. Git will call it, expecting it to decrypt the file and provide cleartext output. After that, git will diff the cleartext and discard it after displaying. It won't get stored in the repository.

> Also I'm loathe to force use of git filters.

Nothing I requested will require using git filters. It will allow one to use them, but you still can use it without git filters.

> This seems like a major change in how git-secret operates, and will confuse long time users.

Sadly yes, but it's the only one that I could come up with. Do you have a better idea to achieve this goal? Also, this would solve the git clean -xddff deleting work, as only the .secret file is recognized by git as having been modified. The other one with all the user-made changes will be deleted as git will consider it a temporary file... This is bad user experience, but I'm open to discuss different solutions to fix this :) Also I currently see the risk of unintentionally overwriting files as the user currently doesn't know when a pull changed the .secret file and it'll be out of sync with the plaintext file and therefore the user could accidentally commit a change to this file without realizing that its content was different before the comment compared to the time they started working on that file.

agowa, Mar 22 '22 16:03
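
The diff-only mechanism described in the last comment (git's `textconv` diff driver), as an added example that is not part of the thread or of git-secret. It assumes `base64` as an offline stand-in for the real decryption step; the `secret` driver name, the `.git/decode-secret` helper and the `db.conf.secret` sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. ASSUMPTION: base64 stands in for the real cipher so this
# runs offline; it is NOT encryption. A real driver would decrypt instead.

demo_textconv() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.name "Example User"        # constructed identity
        git config user.email "user@example.invalid"

        # git runs the driver as: <textconv> <path> and diffs its stdout.
        printf '#!/bin/sh\nbase64 -d < "$1"\n' > .git/decode-secret
        chmod +x .git/decode-secret
        git config diff.secret.textconv "$PWD/.git/decode-secret"

        # Route every *.secret file through the "secret" diff driver.
        echo '*.secret diff=secret' > .gitattributes

        # Constructed sample data: only the encoded form is committed.
        printf 'password=old\n' | base64 > db.conf.secret
        git add .gitattributes db.conf.secret
        git commit -q -m "add encoded secret"

        # A later change to the secret, again stored encoded.
        printf 'password=new\n' | base64 > db.conf.secret

        # Cleartext diff, produced in memory and never written to the repo.
        git diff -- db.conf.secret
        # The committed blob itself is still the encoded form.
        echo "stored: $(git cat-file -p HEAD:db.conf.secret)"
    )
    status=$?
    rm -rf "$repo"
    return "$status"
}
```

Calling `demo_textconv` prints a readable `-password=old` / `+password=new` diff followed by the encoded blob that git actually holds.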