search

AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0
8.22k stars 476 forks source link

Command to edit .gitattributes #51

Open dsernst opened 9 years ago

dsernst commented 9 years ago

How would you feel about adding a command to more quickly add new items to git-crypt?

For example:

git-crypt add foobar.txt (or alternatively: git-crypt encrypt foobar.txt) would be like running echo "foobar.txt filter=git-crypt diff=git-crypt" >> .gitattributes

The aim here is for a simpler way to use git-crypt with less chance to screw up the syntax when adding new filters to .gitattributes

AGWA commented 9 years ago

I'll have to give this some more thought, but I think I like the idea (thanks for suggesting it!). My only concern is that someone could have a complex, manually-configured .gitattributes setup that prevents the line added by git-crypt from working (.gitattributes is a rather complex beast and different .gitattributes files can interact in undesired ways). I suppose git-crypt could run git check-attr on the file after appending to .gitattributes and display an error if the attribute didn't take effect.

dsernst commented 9 years ago

Ah, got it.

Just to offer more context— I was showing git-crypt to a friend, and they were expecting to need to do git-crypt add (to match git add). They thought that was more intuitive, and were confused by the .gitattributes syntax.

On the other hand, this is powerful stuff we're talking about! And it might be unwise to make it too easy to encrypt things. This current workflow ensures the user puts some thought into it before they accidentally encrypt everything (and then lose their private key :unamused: )

gleber commented 8 years ago

What about always prepending new file's line before any non-comment line in .gitattributes? Naively it seems that it should work for 99% cases.

smemsh commented 8 years ago

Making the .gitattributes file is quite cumbersome and error-prone. At the moment it is the most difficult part of using git-crypt correctly: one has to (1) make sure it exists before the encrypted file is ever staged; (2) get the syntax right; (3) remember to update it for all new encrypted files.

I find that the easiest way is using a standard dir like $project_root/crypt/, doing a one-time .gitattributes edit for that directory only, and then using symlinks into "the crypt" for any files that are encrypted. This way I just drop them into crypt/ and everything is already handled, but this is not ideal (it's an implementation detail). A mechanical way to automatically add files to .gitattributes (possibly with a git-crypt add) would be much better and avoid some risk of accidentally committing cleartext.

I don't see how this could be dangerous or affect existing patterns if the full repository path is specified in .gitattributes. An exact pattern will not match anything else. If somebody wants to do things to every file in a repo with a broader pattern, they will simply not use git-crypt add. The user can determine, just like they already do, but with the "yes I want to encrypt" case made much easier.