git-crypt is executed as a filter for secrets specified in .gitattributes files. However, git-annex initialization results in * filter=annex being added to $GIT_DIR/info/attributes, which has the highest precedence, ultimately causing any git-crypt filtering to be bypassed.
Is there a recommended workaround for this? Thanks!
I guess this is about them both setting the filter attribute.
git-annex does not write to .git/info/attributes after
git-annex initso you can move the filter=annex line from there to another file, or change the line to only match on some files not*, or even delete it, if you want to.Thank you for your explanation!
Removing
* filter=annexaltogether causes problems when the repo has unlocked files, but removing it from.git/info/attributesand adding a.gitattributesfile with the following contents at the repository root seems to allow both git-crypt and git-annex to work without issue:So both are setting the "filter" attribute. And trying
git check-attr filter my_secretit outputs "git-crypt" with the configuration you show, but with git-annex's .git/info/attributes, it outputs "annex".So by "highest precedence" it means it stops when it finds the attribute in that file. Unfortunate, but I kind of see why they would do that, since .git/info/attributes is a way to locally override .gitattributes files in the repo.
git-annex could write to .gitattributes, but it feels cleaner to not need to modify the contents of the git repo in order to use the current version of git-annex with it.