git diff vault files


Damjan Georgievski

Dec 9, 2014, 11:26:31 AM
to ansible...@googlegroups.com
Now that we started using vault files for secret data, one of the problems is that git diff on the vault files gives the whole file as changed (understandably).
The trouble I have now is that I use git diff before I commit to double check I didn't change something I didn't want to.

Is there some trick that people are using to git diff encrypted files?

Toshio Kuratomi

Dec 9, 2014, 7:45:07 PM
to ansible...@googlegroups.com
I haven't used vault extensively so I've never had to dive into this
before. However, I think that either filters or pointing git at an
external diff tool for which you write a short wrapper to do the
decryption are the ways to do this. Doing some web searching I do
notice that other people are using git's filters for similar
transparent encryption and decryption operations. For instance:

https://www.agwa.name/projects/git-crypt/
http://stackoverflow.com/questions/11575398/how-can-i-save-my-secret-keys-and-password-securely-in-my-version-control-system

Sorry I don't have an out of the box recipe for you but it does seem
doable with a bit of time and reading.

-Toshio
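
The second option mentioned above, an external diff program that wraps the decryption, could look like the following. This is an added example, not code from anyone in the thread; `VAULT_DECRYPT`, `plain` and `vault_diff` are hypothetical names, and the wrapper assumes vault files are recognised by their `$ANSIBLE_VAULT;` header line.

```sh
#!/bin/sh
# Added example, not from the thread: external diff wrapper for vault files.
# git runs an external diff program with seven arguments:
#   path old-file old-hex old-mode new-file new-hex new-mode
# VAULT_DECRYPT, plain and vault_diff are names made up for this sketch.
# The default decryptor is the "ansible-vault view" command from the thread;
# it prompts for the vault password on each call unless given a password file.
VAULT_DECRYPT=${VAULT_DECRYPT:-"ansible-vault view"}

# Print the plaintext of $1. Vault files start with a "$ANSIBLE_VAULT;" header
# line; anything else (plain files, /dev/null for added or deleted paths) is
# passed through unchanged.
plain() {
    if head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'; then
        $VAULT_DECRYPT "$1"   # unquoted on purpose: command plus its options
    else
        cat "$1"
    fi
}

vault_diff() {
    [ "$#" -eq 7 ] || { echo "vault_diff: expected 7 arguments from git" >&2; return 2; }
    (
        umask 077                      # plaintext copies readable by owner only
        tmp=$(mktemp -d) || exit 2     # honours TMPDIR, e.g. a tmpfs mount
        trap 'rm -rf "$tmp"' EXIT      # remove the plaintext however we leave
        { plain "$2" >"$tmp/old" && plain "$5" >"$tmp/new"; } || exit 2
        rc=0
        diff -u -L "a/$1" -L "b/$1" "$tmp/old" "$tmp/new" || rc=$?
        # diff exits 1 when the files differ; by default git treats a non-zero
        # exit from an external diff as a failure, so only errors (>1) count.
        [ "$rc" -le 1 ]
    )
}

# When installed as a script (GIT_EXTERNAL_DIFF=/path/to/this git diff),
# git supplies the seven arguments; sourcing the file only defines the functions.
if [ "$#" -eq 7 ]; then
    vault_diff "$@"
fi
```

The decrypted copies exist only for the duration of the diff, in a directory created with owner-only permissions; setting `TMPDIR` to a tmpfs keeps them off persistent storage.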

Michael DeHaan

Dec 11, 2014, 7:28:01 PM
to ansible...@googlegroups.com
I'd consider using the new "ansible-vault view" command to view when you don't want to edit -- it's new on the devel branch if not actually part of 1.8.

I don't remember :) ... but it may help and avoid writing the script.



Damjan Georgievski

Dec 12, 2014, 10:53:44 AM
to ansible...@googlegroups.com


On Friday, December 12, 2014 1:28:01 AM UTC+1, Michael DeHaan wrote:
> I'd consider using the new "ansible-vault view" command to view when you don't want to edit -- it's new on the devel branch if not actually part of 1.8.
>
> I don't remember :) ... but it may help and avoid writing the script.

"ansible-vault view" is in 1.8 yes, very helpful.
But doesn't solve the issue when I DID edit the file, and want a quick check to see what I've edited.

Michael DeHaan

Dec 15, 2014, 6:50:39 AM
to ansible...@googlegroups.com
"But doesn't solve the issue when I DID edit the file, and want a quick check to see what I've edited."

I suspect that feature is not going to be a thing, as it would require comparing the unencrypted versions in memory.

If the implementation is small, we might consider it.



