@hectorcorrea
Created August 11, 2022 15:03
A sample Git pre-commit hook to make sure the vault.yml file is encrypted before accepting a commit
#!/bin/sh
# reference: https://www.atlassian.com/git/tutorials/git-hooks
#
# To use this Git hook in a given repository:
# 1. copy the content to .git/hooks/
# 2. make it an executable: chmod u+x .git/hooks/pre-commit
#
# Once installed, every time you issue `git commit` it will make sure the file vault.yml has the
# expected token to indicate that it is encrypted. If the token is not found we assume the file is
# NOT encrypted and reject the commit.
#
# Notice that it is only looking for `vault.yml` in the root directory of the repo, a
# real implementation should look in the correct folders.
VAULT_FILE=./vault.yml
if test -f "$VAULT_FILE"; then
  # -F matches the token as a fixed string rather than as a regular expression
  TOKEN="$(grep -F '$ANSIBLE_VAULT;1.1;AES256' "$VAULT_FILE")"
  # POSIX sh compares strings with a single `=`; `==` is a bash extension
  if [ "$TOKEN" = '$ANSIBLE_VAULT;1.1;AES256' ]; then
    exit 0
  else
    echo "$VAULT_FILE is NOT encrypted"
    exit 1
  fi
fi
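
The hook above reads the working-tree copy of a single root-level file. The following added example (not the gist author's code) goes further and checks the staged content of every `vault.yml` in the repository, so a file that was staged as plaintext is rejected even if the working copy was encrypted afterwards. The function names are hypothetical, and accepting the `1.2` header (which carries a vault-id label) alongside the `1.1` token used above is an assumption about which vault formats the repository uses.

```shell
#!/bin/sh
# Added example (not the gist author's code). Function names are hypothetical.

# Succeed only if the FIRST line on stdin is an Ansible Vault header.
# 1.1 is the header the gist checks; 1.2 adds a vault-id label field.
is_vault_header() {
    IFS= read -r first || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;1.1;AES256') return 0 ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every staged vault.yml, in any directory, whose staged blob is plaintext.
# `git show :path` reads the index, i.e. exactly what the commit will contain.
unencrypted_staged_vaults() {
    git diff --cached --name-only --diff-filter=ACMR |
    while IFS= read -r path; do
        case "$path" in
            vault.yml|*/vault.yml) ;;
            *) continue ;;
        esac
        git show ":$path" | is_vault_header || printf '%s\n' "$path"
    done
}

# Hook body: a non-zero status makes Git abort the commit.
run_hook() {
    bad=$(unencrypted_staged_vaults)
    if [ -n "$bad" ]; then
        echo "Refusing to commit; these staged files are NOT encrypted:" >&2
        printf '%s\n' "$bad" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Run only when installed as .git/hooks/pre-commit, so the file can also be sourced.
case "${0##*/}" in
    pre-commit) run_hook || exit 1 ;;
esac
```

A pre-commit hook is a local convenience that `git commit --no-verify` skips, so the same check belongs in CI or a server-side hook as well.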