Comments (2)
Hi, that would be a cool feature but it's not something we will do, sorry. It would be very difficult to do, if it's possible at all, so it's not something we will support.
from transcrypt.
Hi,
I created a little workaround for this. I wrote a pre-commit git hook that uses `sed` to create a partially encrypted `*.dec` file of the fully encrypted file.
```bash
#!/usr/bin/env bash
# sed pre-commit hook: duplicate each decrypted sensitive file and redact
# sensitive information in the copy via sed
tmp=$(mktemp)
IFS=$'\n'
# List tracked files whose "filter" attribute ends in "crypt"
for secret_file in $(git -c core.quotePath=false ls-files | git -c core.quotePath=false check-attr --stdin filter | awk 'BEGIN { FS = ":" }; /crypt$/{ print $1 }'); do
  # Skip symlinks, they contain the linked target file path not plaintext
  if [[ -L "$secret_file" ]]; then
    continue
  fi
  # extract filename
  filename="${secret_file##*/}"
  # get file extension
  file_extension="${filename##*.}"
  # get filename without extension
  file="${filename%.*}"
  # extract directory (quoted so paths with spaces survive)
  dir="$(dirname "${secret_file}")"
  # if test -f "${dir}/${file}.sed"; then
  if test -f "${dir}/${filename}.sed"; then
    # No extension: "extension" and base name are the same string
    if [ "$file_extension" == "$file" ]; then
      sed -f "${dir}/${filename}.sed" "$secret_file" > "${dir}/${file}_dec"
    else
      sed -f "${dir}/${filename}.sed" "$secret_file" > "${dir}/${file}.${file_extension}.dec"
    fi
  fi
done
rm -f "${tmp}"
unset IFS
```
You then just need to create a `sed` file where you define what should be replaced, and the hook then uses this `sed` file to create a `*.dec` file.
Example

Plain file `aws-etcd-backup.yaml`:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: dgops-s3-credentials
  namespace: kube-system
type: Opaque
data:
  ACCESS_KEY_ID: TEST_KEY_ID
  SECRET_ACCESS_KEY: TEST_ACCESS_KEY
```

sed file `aws-etcd-backup.yaml.sed`:

```sed
s/\(ACCESS_KEY_ID: \).*/\1<REDACTED>/
s/\(SECRET_ACCESS_KEY: \).*/\1<REDACTED>/
```

Resulting partially decrypted file `aws-etcd-backup.yaml.dec`:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: dgops-s3-credentials
  namespace: kube-system
type: Opaque
data:
  ACCESS_KEY_ID: <REDACTED>
  SECRET_ACCESS_KEY: <REDACTED>
```
Maybe this helps someone.
from transcrypt.
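
An added example, not part of the original comment or of transcrypt: a fail-closed variant of the redaction step in the hook above. The `*.dec` copy is meant to be readable without the key, so a `sed` rule that no longer matches (for instance after a key is renamed) would let the plaintext value through; this sketch refuses to write the copy in that case. The function name `redact_checked`, the sample file names and the renamed key `AWS_KEY_ID` are assumptions for illustration, and every rule is assumed to be a one-line `s///` command.

```bash
#!/usr/bin/env bash
# Added example, not from the original comment. Assumes every rule in the
# .sed file is a one-line s/// command, as in the page's example.

# redact_checked SRC RULES OUT: write OUT only if every rule hit SRC.
redact_checked() {
  local src="$1" rules="$2" out="$3" rule tmp
  while IFS= read -r rule || [ -n "$rule" ]; do
    case $rule in '' | '#'*) continue ;; esac
    # With the p flag and -n, sed prints only lines this rule rewrote.
    if [ -z "$(sed -n -e "${rule}p" "$src")" ]; then
      echo "redact: rule matched nothing in ${src}: ${rule}" >&2
      rm -f -- "$out" # drop any stale copy rather than commit it
      return 1
    fi
  done < "$rules"
  # Write to a temp file first so a failed run never leaves partial output.
  tmp=$(mktemp "${out}.XXXXXX") || return 1
  if sed -f "$rules" "$src" > "$tmp"; then
    mv -f -- "$tmp" "$out"
  else
    rm -f -- "$tmp"
    return 1
  fi
}

# Constructed sample: the page's Secret, then the same rules after the
# first key has been renamed (hypothetical AWS_KEY_ID) in the plaintext.
demo() {
  local d
  d=$(mktemp -d) || return 1
  printf '%s\n' 'data:' '  ACCESS_KEY_ID: TEST_KEY_ID' \
    '  SECRET_ACCESS_KEY: TEST_ACCESS_KEY' > "$d/s.yaml"
  printf '%s\n' 's/\(ACCESS_KEY_ID: \).*/\1<REDACTED>/' \
    's/\(SECRET_ACCESS_KEY: \).*/\1<REDACTED>/' > "$d/s.yaml.sed"
  redact_checked "$d/s.yaml" "$d/s.yaml.sed" "$d/s.yaml.dec" && echo "written"
  sed 's/ ACCESS_KEY_ID:/ AWS_KEY_ID:/' "$d/s.yaml" > "$d/renamed.yaml"
  redact_checked "$d/renamed.yaml" "$d/s.yaml.sed" "$d/renamed.yaml.dec" \
    2> /dev/null || echo "blocked"
  rm -rf -- "$d"
}
demo
```

The check only catches rules that have gone stale; a secret key added to the plaintext with no rule at all still needs its own line in the `.sed` file.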