These scripts are designed to be used as a pre-receive or update hook on a git server. The context is an Ansible project in which sensitive data is encrypted using Ansible Vault, with the convention that all encrypted files have the .vault extension. The Python script (abort-sensitive-files.py) verifies that:
- Every file encrypted with Ansible Vault has a name ending with .vault.
- Every file with a name ending with .vault is encrypted with Ansible Vault.
- No file contains an RSA private key in plaintext.
The Python script is called by the Bash script abort-sensitive-files.sh, which must be renamed to 'pre-receive'.
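
The three checks listed above, as an added example (this is not the project's abort-sensitive-files.py). The names check_blob and check_commit are hypothetical. It assumes files are encrypted whole, so the `$ANSIBLE_VAULT;` header is the first thing in the file, and that a plaintext key carries the PEM `-----BEGIN RSA PRIVATE KEY-----` header.

```python
import subprocess

VAULT_HEADER = b"$ANSIBLE_VAULT;"                # first bytes of a vault-encrypted file
RSA_MARKER = b"-----BEGIN RSA PRIVATE KEY-----"  # PEM header of a plaintext RSA key


def check_blob(path, data):
    """Return the list of rule violations for one file (path, raw bytes)."""
    problems = []
    encrypted = data.startswith(VAULT_HEADER)
    named_vault = path.endswith(".vault")
    if encrypted and not named_vault:
        problems.append(f"{path}: vault-encrypted but name does not end with .vault")
    if named_vault and not encrypted:
        problems.append(f"{path}: named .vault but not vault-encrypted")
    if RSA_MARKER in data:
        problems.append(f"{path}: contains a plaintext RSA private key")
    return problems


def check_commit(rev):
    """Check every blob in the tree of `rev` (must run inside a git repository)."""
    out = subprocess.run(["git", "ls-tree", "-r", "-z", rev],
                         check=True, capture_output=True).stdout
    problems = []
    for entry in filter(None, out.split(b"\0")):
        meta, name = entry.split(b"\t", 1)   # "<mode> <type> <sha>\t<path>"
        _mode, kind, sha = meta.split()
        if kind != b"blob":                  # skip submodule (commit) entries
            continue
        data = subprocess.run(["git", "cat-file", "blob", sha.decode()],
                              check=True, capture_output=True).stdout
        problems += check_blob(name.decode("utf-8", "replace"), data)
    return problems


if __name__ == "__main__":
    # Constructed sample files, one per rule plus a compliant one.
    samples = {
        "group_vars/all.vault": b"$ANSIBLE_VAULT;1.1;AES256\n61626364\n",
        "group_vars/db.yml": b"$ANSIBLE_VAULT;1.1;AES256\n61626364\n",
        "host_vars/web.vault": b"db_password: hunter2\n",
        "files/id_rsa": RSA_MARKER + b"\n(constructed placeholder)\n",
    }
    for path, data in samples.items():
        for problem in check_blob(path, data):
            print(problem)
```

In a pre-receive hook, a non-empty result from check_commit for any pushed revision would be printed and the hook would exit non-zero to reject the push.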