如何区分 ansible Vault 更改? [英] How to diff ansible vault changes?

问题描述

我想在 ansible Vault 文件中查看实际的 git commit 更改.

I'd like to see the actual git commit changes in the ansible vault file.

有没有简单的方法来实现这一目标?

Is there an easy way how to achieve this?

推荐答案

你可以非常巧妙地做到这一点，让git log和git diff等普通的git工具可以使用自定义 git diff 驱动程序和 .gitattributes 看到 Vaulted 文件的内部.

You can do this very neatly, so that the normal git tools like git log and git diff can see inside the vaulted files, using a custom git diff driver and .gitattributes.

• 确保您的保险库密码在 .vault_password 中并且该文件未提交 - 您还应该将其添加到 .gitignore.

• 添加一个 .gitattributes 文件，该文件与存储库中使用 ansible-vault 加密的任何文件相匹配，并为它们提供属性 diff=ansible-vault.例如，我有:

• Make sure that your vault password is in .vault_password and that that file is not committed - you should also add it to .gitignore.

• Add a .gitattributes file that matches any files in your repository that are encrypted with ansible-vault and give them the attribute diff=ansible-vault. For example, I have:

env_vars/production.yml diff=ansible-vault merge=binary
env_vars/staging.yml diff=ansible-vault merge=binary

您也可以使用通配符模式 - 每行的第一个元素，即模式，遵循与 .gitignore 文件相同的规则.merge=binary 选项告诉 git 不要尝试对这些文件进行三向合并.

You can also use wildcarded patterns - the first element of each line, the pattern, follows the same rules as .gitignore files. The merge=binary option tells git not to attempt to do a three-way merge of these files.

然后，您必须将具有属性 diff=ansible-vault 的文件的 diff 驱动程序设置为 ansible-vault 视图:

Then you have to set the diff driver for files with attribute diff=ansible-vault to ansible-vault view:

git config --global diff.ansible-vault.textconv "ansible-vault view"

应该就是这样 - 当 git 计算您的模式匹配的文件的差异时，它会首先解密它们.

And that should be it - when git is calculating diffs of the files your pattern matches, it'll decrypt them first.

这篇关于如何区分 ansible Vault 更改?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！