Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

context cannot be flushed and reencrypted anymore #175

Closed
timmalich opened this issue Oct 25, 2023 · 4 comments
Closed

context cannot be flushed and reencrypted anymore #175

timmalich opened this issue Oct 25, 2023 · 4 comments

Comments

@timmalich
Copy link

timmalich commented Oct 25, 2023
edited
Loading

We have defined this context:
transcrypt -C local -c aes-256-cbc -p 'XXXXXXXXX'

Our gitattributes look like this:
kubernetes//secrets/ filter=crypt diff=crypt merge=crypt
kubernetes//local//secrets/** filter=crypt-local diff=crypt-local merge=crypt-local
kubernetes/**/secret-values.yaml filter=crypt diff=crypt merge=crypt

The files have already been reencrypted with XXXXXXXXX.

Now we would like to reencrypt the files in the local context yet again, but after running:
transcrypt -C local -f -F -y; transcrypt -C local --display

We still get:

The current repository was configured using transcrypt version 
and has the following configuration for context 'local':

  GIT_WORK_TREE:  <obfuscated>
  GIT_DIR:        <obfuscated>
  GIT_ATTRIBUTES: <obfuscated>

  CONTEXT:  local
  CIPHER:   aes-256-cbc
  PASSWORD: XXXXXXXXX

Copy and paste the following command to initialize a cloned repository for context 'local':

  transcrypt -C local -c aes-256-cbc -p 'XXXXXXXXX'

Therefore, after running:

 transcrypt -C local -c aes-256-cbc -F -y -p 'NewPassword'

We get:

transcrypt: the current repository is already configured for context 'local'; see 'transcrypt --context=local --display'
@timmalich
Copy link
Author

Since I couldn't find a total obvious bug in the transcrypt skript to raise a PR, our current workaround is:

  1. Backup unecrypted files
  2. transcrypt --uninstall
  3. git stash # just in case something was not clean
  4. remove and commit old files
  5. configure transcrypt like normal with new password
  6. add the previously backed up files again

@jmurty
Copy link
Collaborator

jmurty commented Oct 25, 2023
edited
Loading

Hi @timmalich I have checked the --flush command and found that it wasn't handling contexts correctly, thanks for reporting this.

I have a potential fix on the branch fix-flush-of-context, could you try this and confirm whether it fixes the flush problem for you?

As a side note, given the process you describe you should try using the --rekey command instead, it would be easier and it does not suffer from the bug that you found using --flush. You could re-encrypt (rekey) the files in your "local" context with a command like this:

transcrypt --context=local --rekey --password=NewPassword --yes

@timmalich
Copy link
Author

Hi @jmurty thanks for the amazing fast fix and sorry for the late reply. I can confirm that it works. Ignoring my limited knowledge on that matter: I would say that the code looks also good and readable to me. <3

jmurty added a commit that referenced this issue Oct 31, 2023
@jmurty
Fix --flush command to work with contexts (#175)
af3bb46
@jmurty
Copy link
Collaborator

jmurty commented Oct 31, 2023

Hi @timmalich thanks for confirming the fix, I have now merged it into the main branch and it will be included in a future official release

@jmurty jmurty closed this as completed Oct 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jmurty @timmalich