1

Is it possible to run a proprietary script (e.g. for replacing passwords by generic values using sed) upon both git commit and git update?

The effect should be that:

  1. actual passwords e.g. in (commited) configuration files are not stored on the Git server
  2. files show up as unmodified despite passwords differ between the latest and commited version (with actual vs. generic password respectively)

I image this is possible with (local) Git hooks, if at all. So there is a hook for pre-commit that may trigger the script, but how about pre-update, or similar?

Drux
  • 11,992
  • 13
  • 66
  • 116
  • This could be done with clean and smudge filters. It is, however, the wrong way to do it. The right way to do it is with some sort of external authentication agency (low quality file like ~/.netrc, higher quality file like ~/.ssh/id_*, OS X style keychain, what-have-you), well away from the files you're controlling with Git. – torek Jul 23 '16 at 07:41
  • @torke Agreed after some more reflection. I you want to turn your comment into an answer, I shall accept it. – Drux Jul 23 '16 at 07:49
  • 1
    Clean and smudge filters are not specifically *hooks* (which, at least to me, means things in `.git/hooks`) but rather are programs used to modify files during `git add` and `git checkout`. This means that what Git sees, and stores in the repository, differs from what you see in a work-tree. So they would work—but that would make this mostly a duplicate of http://stackoverflow.com/a/14282199/1256452 ... – torek Jul 23 '16 at 07:53
  • @Drux Before accepting torek's answer, please change the title of the question to something like "How to prevent passwords from leaking into a git repository" – Leon Jul 23 '16 at 07:55
  • 1
    this is not a git question. In any source code repository if file containing password is committed; it is boun dto be visible. So please externalize them using unix environment variables, windows registry files, config files or command line arguments. – forvaidya Jul 23 '16 at 14:29

0 Answers0