blog

SEAN K.H. LIAO

gitattributes

What is that file for? Per path settings.

One of those settings is filter which can transform a file when it's staged clean and when its checked out smudge.

age

age Because why not have a sane file encrypting tool?

setup

gitconfig

Yes, this global config. But your secrets are global too, surely can't hurt much.

Use ascii armoured because binary files look weird on the web.

# ~/.config/git/config
[filter "ageencrypt"]
    clean = age -r age14mg08panez45c6lj2cut2l8nqja0k5vm2vxmv5zvc4ufqgptgy2qcjfmuu -a -
    smudge = age -d -i ~/.ssh/age.key -
    required = true

gitattributes

This is per repo config

secret.yaml filter=ageencrypt