transparently encrypt files within a git repository
MIT License
Bot releases are hidden (Show)
Added new contexts feature that lets you encrypt different sets of files with different passwords for a different audience, such as super-users versus normal repository users. See --context=
/ -C
/ --list-context
arguments and documentation for this advanced feature.
cd
commands printing out excess details when CDPATH
is set (#156)--flush
command to work with contexts (#175)$GIT_REFLOG_ACTION
(issue #150)GREP_OPTIONS
enviroment variable from breaking transcrypt's use of grep (#166)CDPATH
is set then cd will print the path (#156)To upgrade transcrypt it is not enough to have a newer version on your system, you must also run the --upgrade
command in each repository:
Check the version of transcrypt on your system:
$ transcrypt --version
Check the version of transcrypt in your Git repository, which may be
different:
$ .git/crypt/transcrypt --version
Upgrade the version of transcrypt in your Git repository:
$ transcrypt --upgrade
Published by jmurty over 1 year ago
Properly fixes a bug introduced in 2.2.1 that could cause errors like fatal: filename: smudge filter crypt failed
and/or the message warning: command substitution: ignored null byte in input
when decrypting some files, as reported in issue #158.
The fix required removing a feature that automatically fixed faulty encrypted files that with double-salting due to incompatibility with LibreSSL 3+. If you have problems decrypting some files where the decrypted version has binary junk at the top, open an issue at https://github.com/elasticdog/transcrypt/issues/ for help.
hexdump
command is no longer required by Transcrypt.To upgrade transcrypt it is not enough to have a newer version on your
system, you must also run the --upgrade
command in each repository:
Check the version of transcrypt on your system:
$ transcrypt --version
Check the version of transcrypt in your Git repository, which may be
different:
$ .git/crypt/transcrypt --version
Upgrade the version of transcrypt in your Git repository:
$ transcrypt --upgrade
Published by jmurty over 1 year ago
Fixes bug introduced in 2.2.1 that could cause errors like fatal: filename: smudge filter crypt failed
and/or the message warning: command substitution: ignored null byte in input
when decrypting some files, as reported in issue #158.
hexdump
command is now required by Transcrypt. It will be installedbsdmainutils
package oncolumn
command.To upgrade transcrypt it is not enough to have a newer version on your
system, you must also run the --upgrade
command in each repository:
Check the version of transcrypt on your system:
$ transcrypt --version
Check the version of transcrypt in your Git repository, which may be
different:
$ .git/crypt/transcrypt --version
Upgrade the version of transcrypt in your Git repository:
$ transcrypt --upgrade
Published by jmurty over 1 year ago
This release fixes a bug introduced in version 2.2.0
that made transcrypt incompatible with the LibreSSL version 3 and later, which particularly affected users on MacOS 13 "Ventura" which shipped with the LibreSSL project's binary version 3.3.6.
To upgrade transcrypt it is not enough to have a newer version on your
system, you must also run the --upgrade
command in each repository:
Check the version of transcrypt on your system:
$ transcrypt --version
Check the version of transcrypt in your Git repository, which may be
different:
$ .git/crypt/transcrypt --version
Upgrade the version of transcrypt in your Git repository:
$ transcrypt --upgrade
Published by jmurty over 2 years ago
This release includes compatibility with OpenSSL 3, installs a single script into the Git crypt/ directory instead of multiple, adds the option --set-openssl-path
to use a specific version of openssl
, and a number of other tweaks and fixes.
Make sure you are running the latest version of transcrypt:
$ transcrypt --version
Upgrade a repository:
$ transcrypt --upgrade
--set-openssl-path
option to configure transcrypt to use a specific openssl version instead of the default version found in $PATH
. This will be most useful to macOS users who might want to use a newer version of OpenSSL. This option can be used on init, on upgrade, or by itself.transcrypt.crypt-dir
setting for advanced users to override the path of the .git/crypt/ directory to permit things like installing transcrypt in a repository on a device without execute permissions (#104)clean
, smudge
, textconv
, and merge
in the repository's crypt/ directory; the single consolidated transcrypt
script is stored there instead.xxd
command (#133)core.hooksPath
setting when installing the pre-commit hook. (#104)Published by elasticdog about 4 years ago
This release includes features to make it easier and safer to use transcrypt, in particular: fix merge of encrypted files with conflicts, preventing accidental commit of plain text files by incompatible Git tools, and upgrade easily with --upgrade
.
Make sure you are running the latest version of transcrypt:
$ transcrypt --version
Upgrade a repository:
$ transcrypt --upgrade
Enable the merge handling fix by adding merge=crypt
to the end of each transcrypt pattern in .gitattribute
, to look like this:
sensitive_file filter=crypt diff=crypt merge=crypt
--upgrade
command to apply the latest transcrypt scripts in an already configured repository without the need to re-apply existing settings..gitattribute
filters Transcrypt needs to do its job.--version
and --help
commands now work when run outside a Git repository. (#68)--list
command now works in a repository that has not yet been init-ed.Published by elasticdog over 5 years ago
*** WARNING: Re-encryption will be required when updating to version 2.0.0! ***
This is not a security issue, but the result of a bug fix to ensure that the salt generation is consistent across all operating systems. Once someone on your team updates to version 2.0.0, it will manifest as the encrypted files in your repository showing as changed. You should ensure that all users upgrade at the same time...since transcrypt
itself is small, it may make sense to commit the script directly into your repo to maintain consistency moving forward.
After you've upgraded to v2.0.0...
Display the current config so you can reference the command to re-initialize things:
$ transcrypt --display
The current repository was configured using transcrypt version 1.1.0
and has the following configuration:
GIT_WORK_TREE: /home/elasticdog/src/transcrypt
GIT_DIR: /home/elasticdog/src/transcrypt/.git
GIT_ATTRIBUTES: /home/elasticdog/src/transcrypt/.gitattributes
CIPHER: aes-256-cbc
PASSWORD: correct horse battery staple
Copy and paste the following command to initialize a cloned repository:
transcrypt -c aes-256-cbc -p 'correct horse battery staple'
Flush the credentials and re-configure the repo with the same settings as above:
$ transcrypt --flush-credentials
$ transcrypt -c aes-256-cbc -p 'correct horse battery staple'
Now that all of the appropriate files have been re-encrypted, add them and commit the changes:
$ git add -- $(transcrypt --list)
$ git commit --message="Re-encrypt files protected by transcrypt using new salt value"
sed
binary to prevent errors (#50)transcrypt
addresses all ShellCheck static analysis warningsPublished by elasticdog over 6 years ago
Published by elasticdog about 7 years ago
Published by elasticdog over 7 years ago
Published by elasticdog almost 8 years ago
mktemp
when running on OS X versions 10.10 Yosemite and earlier.Published by elasticdog almost 8 years ago
Since the v0.9.9 release, these are the notable improvements made to transcrypt:
mktemp
utility to be more cross-platformPublished by elasticdog about 8 years ago
Since the v0.9.7 release, these are the notable improvements made to transcrypt:
--show-raw
to dump the raw commit objects for all encrypted filesgit log -p