Shopify / ejson

EJSON is a small library to manage encrypted secrets using asymmetric encryption.
MIT License

Any Change Causes All Hashes to be Re-written #45

Closed jeffutter closed 6 years ago

jeffutter commented 6 years ago

Maybe I'm doing something funny here, but the readme states:

"Changes to secrets are auditable on a line-by-line basis with git blame."

However, if I decrypt my file, change a setting and re-encrypt it, every line has changed.

My git blame shows everything changed by the last commit, not just the one thing I changed/added.

burke commented 6 years ago

Yup, you shouldn't be decrypting the file; just add new plaintext values to the encrypted file and encrypt it again.

jeffutter commented 6 years ago

Ahh, makes sense I guess. To change one, one would just delete the old encrypted value and add a new unencrypted one and re-encrypt the file?

burke commented 6 years ago

yup.

jeffutter commented 6 years ago

Awesome. Thanks for clarifying
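
The workflow settled on in this thread can be checked before commit. The following is an added example, not code from the ejson project or from anyone in the thread: it compares the committed file with a candidate revision and reports which secrets changed, whether every existing value was rewritten (the decrypt-and-re-encrypt case from the question), and whether a value was left unencrypted. It assumes ejson's `EJ[1:...]` value format and its rule that a string directly under a `_`-prefixed key stays plaintext; the function names and sample files are hypothetical.

```python
import json
import re

# Shape of an ejson-encrypted value: EJ[1:<ephemeral pubkey>:<nonce>:<box>], all base64.
BOXED = re.compile(r"^EJ\[1:[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+\]$")

def secrets(node, path=""):
    """Yield (path, value) for every string ejson would encrypt."""
    if isinstance(node, dict):
        for key, val in node.items():
            # A string directly under a "_"-prefixed key (e.g. _public_key) stays plaintext.
            if isinstance(val, str) and key.startswith("_"):
                continue
            yield from secrets(val, f"{path}/{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from secrets(val, f"{path}/{i}")
    elif isinstance(node, str):
        yield path, node

def audit(old_text, new_text):
    """Compare the committed file (old) with the candidate revision (new)."""
    old = dict(secrets(json.loads(old_text)))
    new = dict(secrets(json.loads(new_text)))
    kept = sorted(p for p in new if p in old and new[p] == old[p])
    changed = sorted(p for p in new if p in old and new[p] != old[p])
    return {
        "changed": changed,
        "added": sorted(p for p in new if p not in old),
        "plaintext": sorted(p for p, v in new.items() if not BOXED.match(v)),
        # Every pre-existing value carries a new ciphertext: decrypt-and-re-encrypt.
        "full_rewrite": len(changed) > 1 and not kept,
    }

# Constructed sample files; the ciphertext bodies are placeholders, not real boxes.
OLD = json.dumps({"_public_key": "PUBKEY_PLACEHOLDER",
    "db": {"password": "EJ[1:AAAA:BBBB:CCCC]", "user": "EJ[1:AAAA:DDDD:EEEE]"},
    "api_token": "EJ[1:FFFF:GGGG:HHHH]"})
IN_PLACE = json.dumps({"_public_key": "PUBKEY_PLACEHOLDER",
    "db": {"password": "EJ[1:IIII:JJJJ:KKKK]", "user": "EJ[1:AAAA:DDDD:EEEE]"},
    "api_token": "EJ[1:FFFF:GGGG:HHHH]"})
REWRITTEN = json.dumps({"_public_key": "PUBKEY_PLACEHOLDER",
    "db": {"password": "EJ[1:LLLL:MMMM:NNNN]", "user": "EJ[1:OOOO:PPPP:QQQQ]"},
    "api_token": "EJ[1:RRRR:SSSS:TTTT]"})
FORGOT = json.dumps({"_public_key": "PUBKEY_PLACEHOLDER",
    "db": {"password": "hunter2-constructed", "user": "EJ[1:AAAA:DDDD:EEEE]"},
    "api_token": "EJ[1:FFFF:GGGG:HHHH]"})
if __name__ == "__main__":
    print(audit(OLD, REWRITTEN))
```

In a hook, `old_text` would come from the committed blob and `new_text` from the working copy; a non-empty `plaintext` list or a true `full_rewrite` is the signal to stop the commit.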