getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0
16.16k stars 854 forks

Q: How to prevent unencrypted files from being committed #571

Open kilianc opened 4 years ago

kilianc commented 4 years ago

I prefer sops over git-crypt but I like the filter pattern. Is there a good way to prevent a file that matches a filter from being committed unless it is encrypted?

autrilla commented 4 years ago

#545 would help with this I guess?

kilianc commented 4 years ago

Yeah, filestatus in combo with a filter/hook could work!

xunholy commented 3 years ago

Has anyone been able to find a git-crypt equivalent method using SOPS? I also like that git-crypt has the ability to un-encrypt after you've unlocked the secrets for the first time that are stored in the repo; it seems fairly tedious with SOPS to do individual secret files each time.

kilianc commented 3 years ago

@xUnholy there was work related to this to avoid double encrypting files and potentially make automation and UX better. https://github.com/mozilla/sops/pull/545

> seems fairly tedious with SOPS to do individual secret files each time

I wrote a simple bash wrapper to handle my specific use case. The convention is that encrypted files end with .enc. This way I can set up filters and rules to avoid committing unencrypted files or encrypting them twice.
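
Added example, not part of the thread and not code from sops or from any commenter: a Git pre-commit hook for the `.enc` convention described in the comment above. It assumes YAML or JSON secrets, where sops output carries a top-level `sops` key and `ENC[AES256_GCM,` values; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and mark it executable.
# Assumption: every path ending in .enc must hold sops-encrypted YAML or JSON.

# Hypothetical helper: succeeds when the path falls under the .enc convention.
must_be_encrypted() {
    case "$1" in
        *.enc) return 0 ;;
        *)     return 1 ;;
    esac
}

# Hypothetical helper: reads file content on stdin and succeeds only when it
# has both a "sops" metadata key and at least one ENC[AES256_GCM,...] value.
# This is a heuristic on the file format, not a cryptographic verification.
looks_sops_encrypted() {
    content=$(cat)
    printf '%s\n' "$content" \
        | grep -Eq '(^|[^A-Za-z0-9_])"?sops"?[[:space:]]*:' || return 1
    printf '%s\n' "$content" | grep -Fq 'ENC[AES256_GCM,' || return 1
}

# Checks every added, copied or modified path in the index.
# Paths containing newlines or characters that git quotes are not handled.
check_staged() {
    staged=$(git diff --cached --name-only --diff-filter=ACM) || return 2
    failed=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        must_be_encrypted "$path" || continue
        # ":path" names the staged blob, so the index content is checked
        # rather than whatever is currently in the working tree.
        if ! git show ":$path" | looks_sops_encrypted; then
            echo "refusing to commit plaintext: $path" >&2
            failed=1
        fi
    done <<EOF
$staged
EOF
    return "$failed"
}

# Run the check only when git invokes this file as the pre-commit hook.
if [ "${0##*/}" = "pre-commit" ]; then
    check_staged || exit 1
fi
```

A client-side hook can be skipped with `git commit --no-verify`, so the same check is worth repeating in CI.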

aDingil commented 1 year ago

Maybe this helps: https://github.com/yuvipanda/pre-commit-hook-ensure-sops

davinkevin commented 7 months ago

Looking for the same thing, especially to use sops with .dotfiles and secrets.