1

I'd like to to use git to start managing our Bacula configuration files, but want to keep out (or mask) the passwords in these files.

I've considered:

  1. looked for a setting within Bacula that allows pointing to a keyfile(s) instead of a password. It seems this would entail moving to the SSL setup
  2. using the git "clean" and "smudge" filters. It seems like that would require patching the passwords back in manually though, or writing some custom logic for the "smudge" operation
  3. Using the "include other files" directive. But the lines I want to exclude are scattered throughout the config file

Is there an easier way that I've overlooked?

Community
  • 1
pufferfish
  • 2,660
  • 9
  • 37
  • 40
  • Were you able to get traction on this? I've been looking for version control on our enterprise edition of Bacula and haven't found any guides but would be interested on what you come across. – user1207381 Nov 24 '15 at 19:58

1 Answers1

0

One option would be to use the keyword expansion mechanism (smudge/clean), but having your clean filter create the passwords in a new file (outside the repo) and your smudge filter read the file and put the password back in the fields.

Here's the documentation for the keyword expansion system (I think you could easily adapt the date example): https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_keyword_expansion

Groomblecom
  • 104
  • 7