How can I `git diff` changes to rails 5.2 credentials?

Question

I want to be able to diff the changes to my encrypted config/credentials.yml.enc.

git diff alone shows the difference to the encrypted file contents. I want to see the plaintext changes.

How can I get a human readable diff of the config/credentials.yml.enc file?

I've attempted to solve this via `.gitattributes`, by specifying `bin/rails credentials:show` as the diff `textconv` function for `config/credentials.yml.enc`, ref: https://stackoverflow.com/a/39511274/885540. However the `git diff` command fails with the following error as `bin/rails credentials:show` does not accept a path argument. (Unlike `ansible-vault view`). — tommarshall, Mar 28 '18 at 08:06

Ian Grant · Answer 1 · 2018-05-23T09:00:09.093

11

This will work if you use rails encrypted:show instead of rails credentials:show as it takes a file as an argument.

For a global configuration add to your .gitconfig

[diff "enc"]
  textconv = rails encrypted:show
  cachetextconv = false

and then in ~/.config/git/attributes

*.yml.enc diff=enc

edited May 23 '18 at 09:00

answered May 22 '18 at 11:42

Ian Grant

1

Thanks. `rails encrypted:show` was exactly what I needed. Though I'd probably recommend `cachetextconv = false` to avoid caching sensitive data, and the config changes will need to be in `.git/config` unless you have an include for `.gitconfig` like https://stackoverflow.com/a/18330114/885540. Also the attributes can be defined in `.gitattributes` if you want those to track with the repo. – tommarshall May 22 '18 at 16:06
What is the `*.yml.enc diff=enc` for? It works without it (for me) – Roko Oct 21 '18 at 09:20

1 Answers1