Home

git-age @main - refs - log -
- 
https://git.jolheiser.com/git-age.git
git-crypt, but with age
tree log patch
chore: update readme and renormalize on init Signed-off-by: jolheiser <john.olheiser@gmail.com>
Signature
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEgqEQpE3xoo1QwJO/uFOtpdp7v3oFAmTMCuAACgkQuFOtpdp7 v3q+gxAA23eLtGlcjssuFl6CHTlZez/MrHH6J4gz2hhGY0v+Aa/SMMDrUomel9G4 LT2yzTxhKNoyy5Op/Qt5FmsVTN1JcCtpPBvTjk6d7ZFM0KDi/RTeoasRxcYv6yBe Sy65P8fp4yXwYSbbjKE2EennzFCsrRnIDMpbOTZY1TSeDATM3cVBouJbB+XB1x6V O9KvM0R37typKl/06CxFJlSfM8OPolW0B62yfqlNKtOt3l1HWa53h5/fHlV11mQU TuqJqRMVSwAlVY70TOqm9CYKjTPPt/g6HI+MYhWY+v6YHTmXnR4VzGoThi6FqZfl GmPtgEEn+VgnOM3x8Po63zSrwOZof8I9y5t8bXUy+TpKEjHIgjAuv+tnolOKl3aH P2aEzb+bk/FXtBkhKx6cheDN/M+gRjGG/5jY+vCruS85dw27xBsTS66kF6+GuBkn dLCiyhYM/lCXvmNxfRx651+TSr4W+jDE57iB8+1P6yh6lHt7ry+ZDp6dn/V+68Ed /pZDzJKJRDZLnWCv5g6mnq4EhJfQOWnbFSHt4KTyBs7oemdJCHYqc625s1fckry7 dIWsjHdqL0Ier750lbAzOb95tIzz3gW0uffFsiOV50zBZo+Beed/yunqV0XZlQQo GBlcqpWwkInP18h66VZJVAzL9n34T1LPdG9LTHY5tZwDIJV6eZ4= =vsE+ -----END PGP SIGNATURE-----
jolheiser <john.olheiser@gmail.com>
2 years ago
2 changed files, 18 additions(+), 8 deletions(-)
README.mdcmd/init.go
M README.mdREADME.md
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

diff --git a/README.md b/README.md
index 7dfc2466ad88997785b2443d97283c7890da402c..11ba9033cf3cd90be834f4c86ba6c477d2bd7cc0 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ > Short answer: you probably shouldn't. Before considering this approach, take a look at [SOPS](https://github.com/mozilla/sops) and [Hashicorp Vault](https://www.vaultproject.io/) if they are better suited for the problem at hand. **They have a clear security advantage** over `git-age`.
 > 
 > The one use-case where it makes sense to use `git-age` instead is when you want to keep some files secret on a (potentially public) git remote, but you need to have the plaintext in the local working tree because you cannot hook into the above tools for your workflow. **Being lazy is not an excuse to use this software.**
 
-## Install
+## Adding git-age to a new repository
 
 1. Install `git-age` in your `PATH`
 2. `git age init`
@@ -18,7 +18,9 @@ 3. Add some identities
   - `git age ident key.txt`
   - `git age ident ssh`
 4. Set up your config ([example](.git-age.yaml))
-5. Use git like normal.
+5. Add your secrets to `.gitattributes`
+  `secret.txt diff=git-age filter=git-age`
+6. Use git like normal.
 
 ## Decrypting an existing repository
M cmd/init.gocmd/init.go
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

diff --git a/cmd/init.go b/cmd/init.go
index e450af18d2234494ef54ceddfc1c5a91927af5cb..4aae21e399e9781899b79c1c864eaf69c54fda5b 100644
--- a/cmd/init.go
+++ b/cmd/init.go
@@ -2,7 +2,9 @@ package cmd
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
+	"io/fs"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -41,6 +43,9 @@ 	}
 
 	cfg, err := LoadConfig()
 	if err != nil {
+		if errors.Is(err, fs.ErrNotExist) {
+			return nil
+		}
 		return err
 	}
 	dir, err := gitBaseDir()
@@ -61,13 +66,13 @@ 				return err
 			}
 
 			var buf bytes.Buffer
-			cmd := exec.Command(exe, args...)
-			cmd.Stdin = bytes.NewReader(content)
-			cmd.Stdout = &buf
+			c := exec.Command(exe, args...)
+			c.Stdin = bytes.NewReader(content)
+			c.Stdout = &buf
 			if debug {
-				cmd.Stderr = os.Stderr
+				c.Stderr = os.Stderr
 			}
-			if err := cmd.Run(); err != nil {
+			if err := c.Run(); err != nil {
 				if debug {
 					fmt.Fprintf(os.Stderr, "could not smudge file: %v\n", err)
 				}
@@ -78,8 +83,11 @@ 			fi, err := os.Create(apn)
 			if err != nil {
 				return err
 			}
-			defer fi.Close()
 			fi.Write(buf.Bytes())
+			if err := fi.Close(); err != nil {
+				return err
+			}
+			cmd("git", "add", "--renormalize", apn)
 
 			return nil
 		}(); err != nil {