git encrypt/decrypt remote repository files while push/pull

by

Yes and no.

You could try to depend on hook but that supposes they are installed at the remote locations, and that is not always reliable.

Another way to achieve almost the same effect would be by using a smudge/clean attribute filter driver, but not for a full repo.

smudge/clean

(Source: Pro Git book: Customizing Git – Git Attributes)

That way the smudge script is able decode the files, while the clean script would encode them.
Again, that could work for a few sensitive files, not for a full repo.

Off course, those scripts would not be in the repository itself, and would be managed/communicated by another way.

As Alkaline points out in the comments, that idea does not scale for a repo, as the main git maintainer Junio C. Hamano comments back in 2009:

As the sole raison d’etre of diff.textconv is to allow potentially lossy
conversion (e.g. msword-to-text) applied to the preimage and postimage
pair of contents (that are supposed to be “clean”) before giving a textual
diff to human consumption.

The above config may appear to work, but if you really want an encrypted repository, you should be using an encrypting filesystem.
That would give an added benefit that the work tree
associated with your repository would also be encrypted.

Even though it does not scale to a full repo, the idea was implemented (3 years later in 2013) with git-crypt, as detailed in Dominic Cerisano‘s answer.
git-crypt uses a content filter driver (implemented in cpp, with commands.cpp setting up your .gitattributes with the relevant smudge and clean filter commands).
As any content filter driver, you can then limit the application of git-crypt to the set of files you want, in the same .gitattributes file:

secretfile filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt

As mentioned in the README:

git-crypt relies on git filters, which were not designed with encryption
in mind.

As such, git-crypt is not the best tool for encrypting most or
all of the files in a repository.
Where git-crypt really shines is where most of your repository is public, but you have a few files (perhaps private keys named *.key, or a file with API credentials) which you need to encrypt.

For encrypting an entire repository, consider using a system like git-remote-gcrypt instead.

(see more at spwhitton/ tech/ code/ git-remote-gcrypt, from Sean Whitton)

More Related Contents:

  1. Could not open a connection to your authentication agent
  2. Detach (move) subdirectory into separate Git repository
  3. Recover from git reset –hard?
  4. Retrieve specific commit from a remote Git repository
  5. What is HEAD in Git?
  6. Remove tracking branches no longer on remote
  7. Recover from losing uncommitted changes by “git reset –hard”
  8. How can I run git push/pull commands with SSH verbose mode?
  9. Rolling back local and remote git repository by 1 commit
  10. How does ‘git merge’ work in details?
  11. How to show the first commit by ‘git log’?
  12. Git merge error “commit is not possible because you have unmerged files”
  13. failed to push some refs to [email protected]
  14. How to serve GIT through HTTP via NGINX with user/password?
  15. Push existing project into Github
  16. Recursively add the entire folder to a repository
  17. Git commits are duplicated in the same branch after doing a rebase
  18. How can I push a local Git branch to a remote with a different name easily?
  19. Git fast-forward VS no fast-forward merge
  20. Git best practice for config files etc
  21. Should I add the Visual Studio 2015 .vs folder to source control?
  22. How to diagnose and fix git fatal: unable to read tree
  23. How to copy a Gitlab project to another Gitlab repository?
  24. Git – how to force manual merge even if there is no conflict
  25. Git asks for username every time I push
  26. Unable to show a Git tree in terminal
  27. Git: How to squash all commits on branch
  28. SourceTree App says uncommitted changes even for newly-cloned repository – what could be wrong?
  29. Git rebase –preserve-merges fails
  30. Cygwin/Git error cygheap base mismatch detected

Leave a Comment