george/blackbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update .gitignore when registering new files

Browse Source 
To reduce the risk of accidentally adding plaintext secrets, ignore
registered plaintext files.
This commit is contained in:
Åsmund Grammeltvedt
2014-10-13 21:31:58 +02:00
parent 39f9ffb7df
commit b003318d81
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
bin/blackbox_register_new_file
View File

@@ -8,10 +8,11 @@
# to systems that need the plaintext (unencrypted) versions, run # to systems that need the plaintext (unencrypted) versions, run
# blackbox_postdeploy.sh to decrypt all the files. # blackbox_postdeploy.sh to decrypt all the files.
# TODO(tlim): Add the unencrypted file to .gitignore # TODO(tlim): Add the unencrypted file to .hgignore
set -e set -e
. _blackbox_common.sh . _blackbox_common.sh
_determine_vcs_base_and_type
unencrypted_file=$(get_unencrypted_filename "$1") unencrypted_file=$(get_unencrypted_filename "$1")
encrypted_file=$(get_encrypted_filename "$1") encrypted_file=$(get_encrypted_filename "$1")
@@ -45,6 +46,15 @@ if $SECRETSEXPOSED ; then
else else
COMMIT_FILES="$BB_FILES $encrypted_file" COMMIT_FILES="$BB_FILES $encrypted_file"
fi fi
IGNOREFILE=".${VCS_TYPE}ignore"
if [[ $VCS_TYPE = 'git' ]]; then
if ! grep -Fsx >/dev/null "$unencrypted_file" "$IGNOREFILE"; then
echo "$unencrypted_file" >>"$IGNOREFILE"
COMMIT_FILES="$COMMIT_FILES $IGNOREFILE"
fi
fi
echo 'NOTE: "already tracked!" messages are safe to ignore.' echo 'NOTE: "already tracked!" messages are safe to ignore.'
vcs_add $BB_FILES $encrypted_file vcs_add $BB_FILES $encrypted_file
vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES vcs_commit "registered in blackbox: ${unencrypted_file}" $COMMIT_FILES