From 8def445ac0484b359c536315c0852c735ef4b0c0 Mon Sep 17 00:00:00 2001
From: Gonne <gonne@mathebau.de>
Date: Tue, 24 Jun 2025 16:14:42 +0200
Subject: [PATCH] Enable cleartext diffs for SOPS secrets

---
 .gitattributes | 1 +
 README.md      | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..6cbe6fb
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.secrets.yaml diff=sopsdiffer
diff --git a/README.md b/README.md
index a756522..62bf3fa 100644
--- a/README.md
+++ b/README.md
@@ -233,6 +233,8 @@ If the accessing process is not root it must be member of the group `config.user
 for systemd services this can be archived by setting `serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];`
 it the service configuration.
 
+For cleartext diffs configure your local clone with `git config diff.sopsdiffer.textconv "sops decrypt"` (see [Github](https://github.com/getsops/sops?tab=readme-ov-file#showing-diffs-in-cleartext-in-git)).
+
 ## impermanence
 
 These machines are setup with `"/"` as a tmpfs. This is there to keep the machines clean. So no clutter in home