git diff vault files

Now that we started using vault files for secret data, one of the problems is that git diff on the vault files gives the whole file as changed (understandably).
The trouble I have now is that I use git diff before I commit to double check I didn’t change something I didn’t want to.

Is there some trick that people are using to git diff encrypted files?

I haven't used vault extensively so I've never had to dive into this
before. However, I think that either filters or pointing git at an
external diff tool which you write a short wrapper to do the
decryption are the ways to do this. Doing some web searching I do
notice that other people are using git's filters for similar
transparent encryption and decryption operations. For instance:

https://www.agwa.name/projects/git-crypt/
http://stackoverflow.com/questions/11575398/how-can-i-save-my-secret-keys-and-password-securely-in-my-version-control-system

Sorry I don't have an out of the box recipe for you but it does seem
doable with a bit of time and reading.

-Toshio
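The diff-driver approach mentioned above can be set up with git's `textconv` mechanism and `ansible-vault view`; the following is an added example, not code from this thread or from the Ansible project. The driver name `ansible-vault` and the file pattern are assumptions, and it assumes `ansible-vault` can obtain the vault password when git invokes it (for example through `ANSIBLE_VAULT_PASSWORD_FILE`).

```shell
# Added example: show vault-encrypted files as plaintext in `git diff`
# by routing them through a textconv diff driver.
# The driver name "ansible-vault" and the file pattern are assumptions.

# setup_vault_diff PATTERN
#   Run inside a git work tree. PATTERN is a .gitattributes glob matching
#   the encrypted files (hypothetical example: 'group_vars/*/vault.yml').
setup_vault_diff() {
    pattern=${1:?usage: setup_vault_diff PATTERN}
    top=$(git rev-parse --show-toplevel) || return 1
    attr_line="$pattern diff=ansible-vault"

    # git runs the textconv command with the file path appended and
    # diffs what the command writes to stdout.
    git config diff.ansible-vault.textconv "ansible-vault view" || return 1

    # Make sure converted (decrypted) text is never cached in
    # refs/notes/textconv inside the repository.
    git config diff.ansible-vault.cachetextconv false || return 1

    # Map the pattern to the driver; add the line only once.
    touch "$top/.gitattributes"
    if ! grep -qxF -- "$attr_line" "$top/.gitattributes"; then
        printf '%s\n' "$attr_line" >> "$top/.gitattributes"
    fi
}

# Usage (from inside the repository):
#   setup_vault_diff 'group_vars/*/vault.yml'
#   git diff    # matching vault files are compared decrypted
```

The `git config` settings live in `.git/config` and are not committed, so each clone has to run the setup once; the decrypted content appears in diff output, including the pager and terminal scrollback.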

I’d consider using the new “ansible-vault view” command to view when you don’t want to edit – it’s new on the devel branch if not actually part of 1.8.

I don’t remember :) … but it may help and avoid writing the script.

“ansible-vault view” is in 1.8 yes, very helpful.
But doesn’t solve the issue when I DID edit the file, and want a quick check to see what I’ve edited.

“But doesn’t solve the issue when I DID edit the file, and want a quick check to see what I’ve edited.”

I suspect that feature is not going to be a thing, as it would require comparing the unencrypted versions in memory.

If the implementation is small, we might consider it.