@bencord0
Last active September 14, 2025 11:01
encrypted git logs
*.gpg diff=gpg

Viewing Encrypted Git History

Setup

Create an encrypted document.

$ echo -e "Hello 🔒\n\nVersion: 1" | gpg --encrypt -r [email protected] > encrypted.txt.gpg
$ git add encrypted.txt.gpg
$ git commit

Change that document.

$ echo -e "Hello 😇\n\nVersion: 2" | gpg --encrypt -r [email protected] > encrypted.txt.gpg
$ git add encrypted.txt.gpg
$ git commit

The problem

By default, git has no way to read an encrypted binary file, so the log only reports that the file changed.

$ git log --show-signature --patch --stat

commit b5da89e5ea3cceaa9f8af50145b0b30d19176ecf
Author: Ben Cordero <[email protected]>
Date:   Sun Sep 14 11:49:29 2025 +0100

    Version 2
---
 encrypted.txt.gpg | Bin 612 -> 611 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/encrypted.txt.gpg b/encrypted.txt.gpg
index d82c09a..97312ae 100644
Binary files a/encrypted.txt.gpg and b/encrypted.txt.gpg differ

commit 39f010af3ba71eb1d958060c31f31f880d88d097
Author: Ben Cordero <[email protected]>
Date:   Sun Sep 14 11:47:33 2025 +0100

    Version 1
---
 encrypted.txt.gpg | Bin 0 -> 612 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/encrypted.txt.gpg b/encrypted.txt.gpg
new file mode 100644
index 0000000..d82c09a
Binary files /dev/null and b/encrypted.txt.gpg differ

The solution

Teach git how to decrypt a file before diffing.

# .git/config
...
[diff "gpg"]
    binary = true
    textconv = gpg2 -d --quiet --yes --compress-algo=none --no-encrypt-to --batch --use-agent

Tell git to use the gpg diff driver for encrypted files.

# .gitattributes
*.gpg diff=gpg
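
A check for the two-part setup above, as an added example that is not part of the original gist: .gitattributes travels with the repository but the [diff "gpg"] section in .git/config does not, so a fresh clone, or a driver name that differs between the two files, falls back to "Binary files differ". The function name check_gpg_textconv is hypothetical; it also flags diff.<driver>.cachetextconv, which makes git store the converted (here decrypted) text under refs/notes/textconv/.

```shell
#!/bin/sh
# Added example (not from the gist): audit the textconv setup for one path.
# Run inside the work tree: sh check.sh encrypted.txt.gpg
# The function name and the exit codes are assumptions of this example.
check_gpg_textconv() {
    path=$1

    # "git check-attr" prints "<path>: diff: <value>"; keep only the value.
    driver=$(git check-attr diff -- "$path" | sed 's/^.*: diff: //')
    case $driver in
        unspecified|set|unset|'')
            echo "FAIL: $path is not mapped to a named diff driver" >&2
            return 1 ;;
    esac

    # The attribute is only a name. Each clone must define the driver's
    # textconv in its own config, otherwise git shows the binary diff.
    if ! textconv=$(git config --get "diff.$driver.textconv"); then
        echo "FAIL: driver '$driver' has no diff.$driver.textconv in this clone" >&2
        return 2
    fi

    # cachetextconv keeps textconv output in refs/notes/textconv/<driver>,
    # which would put decrypted text into the object store.
    if [ "$(git config --bool --get "diff.$driver.cachetextconv")" = "true" ]; then
        echo "FAIL: diff.$driver.cachetextconv is enabled; plaintext would be cached" >&2
        return 3
    fi

    echo "OK: $path -> driver '$driver' -> $textconv"
}

# When called as a script with an argument, check that path.
if [ "$#" -gt 0 ]; then
    check_gpg_textconv "$1"
fi
```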

The result

$ git log --show-signature --patch --stat

commit b5da89e5ea3cceaa9f8af50145b0b30d19176ecf
Author: Ben Cordero <[email protected]>
Date:   Sun Sep 14 11:49:29 2025 +0100

    Version 2
---
 encrypted.txt.gpg | Bin 612 -> 611 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/encrypted.txt.gpg b/encrypted.txt.gpg
index d82c09a..97312ae 100644
--- a/encrypted.txt.gpg
+++ b/encrypted.txt.gpg
@@ -1,3 +1,3 @@
-Hello πŸ”’
+Hello πŸ˜‡

-Version: 1
+Version: 2

commit 39f010af3ba71eb1d958060c31f31f880d88d097
Author: Ben Cordero <[email protected]>
Date:   Sun Sep 14 11:47:33 2025 +0100

    Version 1
---
 encrypted.txt.gpg | Bin 0 -> 612 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/encrypted.txt.gpg b/encrypted.txt.gpg
new file mode 100644
index 0000000..d82c09a
--- /dev/null
+++ b/encrypted.txt.gpg
@@ -0,0 +1,3 @@
+Hello πŸ”’
+
+Version: 1