Comment by maxmoehl
1 day ago
> It's very difficult to review history. I stopped using it a while ago, but since everything's encrypted `git diff` won't give you anything useful and IIRC the command line tools were very hard to use for reviewing/restoring passwords when you mess up updates, etc.
pass sets up a .gitattributes and configures git to convert gpg files to text via a custom driver. This enables a text-diff of the encrypted contents out of the box (at least for a store I've just set up to test this).
```
~/.password-store # cat .gitattributes
*.gpg diff=gpg
~/.password-store # cat .git/config
# ...
[diff "gpg"]
	binary = true
	textconv = gpg2 -d --quiet --yes --compress-algo=none --no-encrypt-to --batch --use-agent
```
Thank you! It was missing from my .git/config, probably because it expects gpg2, and my installation only has gpg. Now diff works correctly!
Eek, doesn't this create a security hole? Or are those diffs gpg encrypted?
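
Added example, not part of the thread and not pass's own code: a shell check of the diff-driver setup discussed above. It confirms the `*.gpg diff=gpg` attribute, confirms that the textconv binary (gpg2 in the config shown) is installed, and flags git's optional `diff.gpg.cachetextconv` setting, which stores converted (here: decrypted) text under `refs/notes/textconv/gpg`; without that setting, textconv output is produced only when a diff is displayed and the committed objects stay the encrypted `.gpg` files. The function name `audit_gpg_textconv` is hypothetical.

```shell
#!/bin/sh
# Added example: audit the git "gpg" diff driver of a pass store.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_gpg_textconv() {
    store=${1:-$HOME/.password-store}
    rc=0

    # 1. .gitattributes must route *.gpg files to the "gpg" diff driver.
    if ! grep -Eq '^\*\.gpg[[:space:]]+.*diff=gpg' "$store/.gitattributes" 2>/dev/null; then
        echo "MISSING: '*.gpg diff=gpg' in .gitattributes"
        rc=1
    fi

    # 2. The driver needs a textconv command, and its first word must be
    #    an installed binary (e.g. gpg2 configured but only gpg present).
    textconv=$(git -C "$store" config --get diff.gpg.textconv) || textconv=
    if [ -z "$textconv" ]; then
        echo "MISSING: diff.gpg.textconv is not configured"
        rc=1
    else
        bin=${textconv%% *}
        if ! command -v "$bin" >/dev/null 2>&1; then
            echo "BROKEN: textconv binary '$bin' is not on PATH"
            rc=1
        fi
    fi

    # 3. cachetextconv makes git keep the converted text in notes.
    cache=$(git -C "$store" config --bool --get diff.gpg.cachetextconv) || cache=false
    if [ "$cache" = true ]; then
        echo "RISK: diff.gpg.cachetextconv=true stores decrypted text in notes"
        rc=1
    fi

    # 4. A cache left over from an earlier configuration.
    if git -C "$store" show-ref --verify --quiet refs/notes/textconv/gpg; then
        echo "RISK: refs/notes/textconv/gpg exists (cached plaintext)"
        rc=1
    fi
    return $rc
}
```

Run it as `audit_gpg_textconv ~/.password-store`; the exit status is 0 only when none of the four checks reports a finding.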