lazyfrosch/git-filter-secrets

## git-filter-secrets
#!/bin/bash

set -e

case "$1" in
  init)
    git config filter.git-filter-secrets.smudge "git-filter-secrets smudge"
    git config filter.git-filter-secrets.clean "git-filter-secrets clean"
    git config filter.git-filter-secrets.required true
    echo "Configuration updated"
    ;;
  clean)
    sed -r \
      -e 's/^([#; \t]*_\S*(community|pass)\S*\s+)\S+.*/\1SECRET/i' \
      -e 's/(--\S*pass(wd|word)?[= ])[^$]\S*/\1SECRET/i' \
      -e 's/(check_snmp\![^\!]*\!)[^\!]*/\1COMMUNITY/i'
    ;;
  smudge)
    cat
    ;;
  *)
    echo "Invalid command: $1" >&2
    exit 1
esac

## git-filter-secrets.md

      
    Raw
  

              git-filter-secrets.md
            
          
    git-filter-secrets

An example how to filter secrets from git commits.
Warning: This does only clean the commited content, not the local files. Also there is no way to restore secrets from GIT.
Usage

$ cp git-filter-secrets /usr/local/bin/
or
$ cp git-filter-secrets ~/bin/

$ git-filter-secrets init
$ echo "*.cfg filter=git-filter-secrets" >>.gitattributes

References


https://git-scm.com/docs/gitattributes
https://github.com/AGWA/git-crypt
	#!/bin/bash

	set -e

	case "$1" in
	init)
	git config filter.git-filter-secrets.smudge "git-filter-secrets smudge"
	git config filter.git-filter-secrets.clean "git-filter-secrets clean"
	git config filter.git-filter-secrets.required true
	echo "Configuration updated"
	;;
	clean)
	sed -r \
	-e 's/^([#; \t]_\S(community\|pass)\S\s+)\S+./\1SECRET/i' \
	-e 's/(--\Spass(wd\|word)?[= ])[^$]\S/\1SECRET/i' \
	-e 's/(check_snmp\![^\!]\!)[^\!]/\1COMMUNITY/i'
	;;
	smudge)
	cat
	;;
	*)
	echo "Invalid command: $1" >&2
	exit 1
	esac