4

I know how to encrypt a file on my repository, via git-crypt:

echo "*.crypt.* filter=git-crypt diff=git-crypt" > .gitattributes
echo "supersecret info" > somethingTo.crypt.txt
git add .gitattributes somethingTo.crypt.txt
git crypt status   # somethingTo.crypt.txt results encrypted
git commit
git push

and I know how to store a file with git-lfs (on a self-hosted GitLab; LFS enabled in the project settings):

git lfs track somethingTo.crypt.txt
git add .gitattributes    # updated LFS rule for tracked file
git commit
git push

... but, how does one use them both on the same file?

Even if .gitattributes has the git-filter for encrypting before the filter for storing on LFS, the file doesn't get encrypted (git crypt status | grep somethingTo reports "not encrypted"). All the other *.crypt.* files that are not tracked by LFS get encrypted correctly.

I guess that the issue is with my somethingTo.crypt.txt now being just a reference object in the repository, instead of the actual (encrypted) file. But I would expect (thanks to the git-filters) that the file gets filtered/encrypted before being pushed to the LFS Store.

Are the two filter extension compatible with each other? How do I make them work together?

Kamafeather
  • 8,663
  • 14
  • 69
  • 99
  • 1
    Kamafeather were you ever able to figure this out? Or is this impossible, as this point? Wanted to share this as well: https://github.com/AGWA/git-crypt/issues/93 – Ryan Schultz Nov 16 '22 at 04:24
  • 2
    @RyanSchultz unfortunately not, for my use case I was using LFS only to store a backup archive, so I opted for using bash scripts for encrypting it with GPG _**before**_ pushing it to the repo, and then decrypting it before restoring its data. – I'm trying to distance myself from git-crypt as it unfortunately doesn't cover some more complex use cases, and at times makes hard to track history (if doing the mistake of mixing in the same file content that should be crypted with content that should not). Sorry I can't help better; however you might try the suggestions in the linked GitHub issue. – Kamafeather Nov 16 '22 at 04:41
  • 2
    Thanks Kamafeather, for what it's worth, I created a bounty for improving git filters: https://app.bountysource.com/issues/93535439-gitattributes-5-should-control-paths-desired-git-lfs-extensions Hopefully others will add to it. – Ryan Schultz Nov 16 '22 at 21:34

1 Answers1

1

Composing filters you get to do yourself. You'll have to make your own combined filter (and whatever other attributes those mods install) that has the effect you want, git doesn't know how to make third-part hooks cooperate with each other,

Even if .gitattributes has the git-filter for encrypting before the filter for storing on LFS, the file doesn't get encrypted

that would be because attributes don't accumulate, they overwrite. You get one value for each attribute, the one specified in the last match. If you want a filter that combines the effect of two third-party tools, you have to write a filter that combines the effect of those two third-party tools.

jthill
  • 55,082
  • 5
  • 77
  • 137
  • > If you want a filter that combines the effect of two third-party tools, you have to write a filter that combines the effect of those two third-party tools. @jthill, is that possible in this instance? Curious how one would do that? – Ryan Schultz Nov 16 '22 at 17:26