Git
basics
set username and email
source:
- to set up your username and email globally, use the following commands
git config --global user.name "Max Mustermann"
git config --global user.email "max.mustermann@muster.de"
- to set up your username and email for a specific repository, use the following commands
cd <path-to-your-repo>/
git config user.name "Max Mustermann"
git config user.email "max.mustermann@muster.de"
store passwords temporarily
source: [git] git-credential-cache
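- use the git-credential-cache helper, which keeps credentials in memory (not on disk) and forgets them after the timeout, given in seconds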
git config credential.helper 'cache --timeout=28800' # 8 hours
rename GitHub branch
source: [GitHub] Renaming a branch
- if you need to rename your branch execute the following commands:
git branch -m OLD-BRANCH-NAME NEW-BRANCH-NAME
git fetch origin
git branch -u origin/NEW-BRANCH-NAME NEW-BRANCH-NAME
git remote set-head origin -a
# remove tracking references to the old branch name
git remote prune origin
git tag
source: [Atlassian] Git tag
- if you need to create a new tag execute the following commands:
# add annotated tag with message
git tag -a v1.4 -m "my version 1.4"
# push tag to remote
git push origin v1.4
- if you need to retag or replace old tags execute the following command
# map commit "15027957951b64cf874c3557a0f3547bd83b3ff6" to tag v1.4 and override existing content for the v1.4 tag
git tag -a -f v1.4 15027957951b64cf874c3557a0f3547bd83b3ff6
delete commit history
source: [Xebia] How to Delete Commit History – A Step-by-Step Guide
- if you need to delete your commit history do the following steps
# checkout to a temp branch
git checkout --orphan temp_branch
# add all files
git add -A
# commit
git commit -m "Initial commit"
# delete old branch
git branch -D main
# rename temp branch
git branch -m main
# push
git push --force origin main
encryption with transcrypt
- below is a description of how to encrypt files in Git with transcrypt
- for a working example take a look at the boilerplate repo
initialization
$ cd <path-to-your-repo>/
$ transcrypt
full file encryption
$ cd <path-to-your-repo>/
$ echo 'sensitive content' >> sensitive_file_full
$ echo 'sensitive_file_full filter=crypt diff=crypt merge=crypt' >> .gitattributes
$ git add .gitattributes sensitive_file_full
$ git commit -m 'Add encrypted version of a sensitive file'
$ transcrypt --list
$ transcrypt --show-raw sensitive_file_full
partial file encryption
- transcrypt can't encrypt files partially
- so I created a workaround based on sed
- the file itself is still fully encrypted, but a copy of the file is created in which only the sensitive parts are redacted
preparation
- create a file bin/create-hook-symlinks.sh
#!/bin/bash
# link every script in githooks/ into .git/hooks/ and call it from .git/hooks/pre-commit
root="$(dirname "$0")/.."
for hook in "$root/githooks/"*; do
    name="$(basename "$hook")"
    # symlink is relative to .git/hooks/
    ln -s -f "../../githooks/$name" "$root/.git/hooks/$name"
    # append a call to the hook script to the existing pre-commit hook
    echo -e "\n# run $name script" >> "$root/.git/hooks/pre-commit"
    echo "\$(dirname \"\$0\")/$name" >> "$root/.git/hooks/pre-commit"
done
- create a file githooks/pre-commit-sed
#!/usr/bin/env bash
# sed pre-commit hook: duplicate each decrypted sensitive file and redact sensitive information via sed
IFS=$'\n'
# iterate over all tracked files that carry the "crypt" filter attribute
for secret_file in $(git -c core.quotePath=false ls-files | git -c core.quotePath=false check-attr --stdin filter | awk 'BEGIN { FS = ":" }; /crypt$/{ print $1 }'); do
    # Skip symlinks, they contain the linked target file path not plaintext
    if [[ -L $secret_file ]]; then
        continue
    fi
    # extract filename
    filename="${secret_file##*/}"
    # get file extension (equals the whole filename when there is no dot)
    file_extension="${filename##*.}"
    # get filename without extension
    file="${filename%.*}"
    # extract directory
    dir="$(dirname "${secret_file}")"
    # only files with a matching <filename>.sed script get a redacted copy
    if test -f "${dir}/${filename}.sed"; then
        if [ "$file_extension" == "$file" ]; then
            # no extension: write <name>_dec
            sed -f "${dir}/${filename}.sed" "$secret_file" > "${dir}/${file}_dec"
        else
            # with extension: write <name>.<ext>.dec
            sed -f "${dir}/${filename}.sed" "$secret_file" > "${dir}/${file}.${file_extension}.dec"
        fi
    fi
done
unset IFS
- execute file
bin/create-hook-symlinks.sh
usage
$ cd <path-to-your-repo>/
$ echo 'user: max mustermann' >> sensitive_file_partial
$ echo 'password: s3nsitive' >> sensitive_file_partial
$ echo 's/\(password: \).*/\1<REDACTED>/' >> sensitive_file_partial.sed
$ echo 'sensitive_file_partial filter=crypt diff=crypt merge=crypt' >> .gitattributes
$ git add .gitattributes sensitive_file_partial
$ git commit -m 'Add encrypted version of a sensitive file'
$ transcrypt --list
$ transcrypt --show-raw sensitive_file_partial
- after the commit you should see a file sensitive_file_partial_dec where only the password is <REDACTED>
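
The sed rule in the usage above only redacts lines it matches exactly, so a line written as "password:s3nsitive" (no space) or a key the rule never names would land in the copy unredacted. The check below is an added example, not part of the original page or of transcrypt; the key list in SENSITIVE_KEYS and the names leaked_lines and demo are assumptions.

```bash
#!/usr/bin/env bash
# Added example: verify that a <file>.sed script redacts every sensitive line
# before the hook's redacted copy is treated as safe to share.

# Assumption: key names that mark a sensitive line; extend for your formats.
SENSITIVE_KEYS='(password|passwd|secret|token|api[_-]?key)[[:space:]]*[:=]'

# leaked_lines SECRET_FILE SED_FILE
# Prints "lineno:text" for each line of the redacted output that still has a
# sensitive key but no <REDACTED> placeholder.
# Exit status: 0 = clean, 1 = leak found, 2 = sed failed (fail closed).
leaked_lines() {
    _redacted="$(sed -f "$2" "$1")" || return 2
    _leaks="$(printf '%s\n' "$_redacted" \
        | grep -n -i -E "$SENSITIVE_KEYS" \
        | grep -v -F '<REDACTED>' || true)"
    if [ -n "$_leaks" ]; then
        printf '%s\n' "$_leaks"
        return 1
    fi
    return 0
}

# Constructed sample: the page's sed rule against one line it covers and
# two it misses (no space after the colon; a key the rule never mentions).
demo() {
    _dir="$(mktemp -d)" || return 2
    printf '%s\n' 's/\(password: \).*/\1<REDACTED>/' > "$_dir/sample.sed"
    printf '%s\n' 'user: max mustermann' 'password: s3nsitive' \
        'password:n0space' 'api_token = abc123' > "$_dir/sample"
    leaked_lines "$_dir/sample" "$_dir/sample.sed"
    _status=$?
    rm -rf "$_dir"
    return "$_status"
}

demo || echo "redaction incomplete, do not publish the copy" >&2
```

Called from githooks/pre-commit-sed before the sed output is written, a non-zero status can abort the commit instead of producing a copy that still contains secrets.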