I've been successfully using git-crypt to provide provide partial encryption to some of my repos. It's a great program and I'd definitely recommend it for your git repository encryption needs.
However, while installation is quite simple, I couldn't find good instructions
on how to uninstall git-crypt and maintain history intact.
This guide provides simple instructions on how to accomplish that. In the end, you should have a new, unencrypted repository that is a copy of your original encrypted one, including all the commit history.
Some assumptions:
- Your original (encrypted) repository has been cloned into
/tmp/original. - Your new (clear text) repository will be under
/tmp/new. - We'll use
/tmp/patchfor our temporary patch location. - Your original repository working directory is clean (
git statusshould return nothing.) - You have
rsyncinstalled.
Note: I've tried this procedure on repositories with a linear commit line (no merge commits.)
We'll use git format-patch with the --textconv command-line flag to create
plain-text patches of the encrypted repo, and then use git am to apply these
patches into a clean repo.
Remove any old directories and create the new ones. Initialize a clean git repository
under /tmp/new:
rm -rf /tmp/{new,original,patch}
mkdir /tmp/{new,patch}
git init /tmp/new
Now clone your original (encrypted) repository under /tmp/original and use git-crypt unlock
to unlock the working copy:
git clone YOUR_REPO_URL /tmp/original
cd /tmp/original
git-crypt unlock
<provide any needed credentials>
Create a patch for every single commit in the original repo:
cd /tmp/original
git format-patch --textconv --root HEAD -o /tmp/patch
<watch patch files to be written...>
Use ls -l /tmp/patch and confirm that a number of patch files were created under/tmp/patch.
We'll now apply the patches into the newly created repository (under /tmp/new).
cd /tmp/new
for i in /tmp/patch/*.patch; do git am "$i"; done
I've seen some warning messages, but they seem to be mostly harmless. Make sure this command iterates through all patches and does not encounter any fatal errors.
Once the patches have been applied, remove the git-crypt configuration from
the new repository and submit the changes.
git rm .gitattributes
git rm -r .git-crypt
git commit -m 'Removed git-crypt. Thanks for all the fish!'
Note: If you have non-git-crypt stuff in .gitattributes, you'll have to
edit the file and remove those lines only. Otherwise, it should be OK to remove
the file completely.
For some reason, even after a successful run of git am, my repo ended up with
a few differences. Those were minor and I believe they were caused by different
starting points in the repo history (the original repo started from an existing
file, while the new one started from a blank slate).
We'll now copy every file under git control from the encrypted (but
unlocked) working directory to the newly created (unencrypted) repository.
This should make it easy to see any differences with git status and git diff:
cd /tmp/original
rsync -avp --files-from=<(git ls-files | grep -v '^.gitattributes\|git-crypt/') . /tmp/new
cd /tmp/new
git status
Use git diff to investigate any differences reported by git status. Add and
commit any changes you see.
At this point we'll have a clean repository under /tmp/new that can be pushed
to another location. Please note that the newly created repository has no
remotes or special configs from the original.
Once everything is finished (and you saved /tmp/new into some other place) clean the
temporary directories with:
rm -rf /tmp/{new,original,patch}
Hope this helps.