Install transcrypt extension on bitbucket server - gitattributes not working

I'm preparing Bitbucket server for a migration from SVN to Git with bitbucket.

I will need to crypt some files in order to hide "secret" files for some people. Note that the people that won't add the "key", won't have access to Bitbucket too.


I test the transcrypt extension (which used OpenSSL), and it works very easily on my computer.

I think that the problem is exactly the same with git-crypt extension.


So I try to add transcrypt to bucket server in order to be able to view the diff and make comment inside pull request that will have encrypted file.

The problem is that I'm not able to create/modified a .gitattributes on the bitbucket server.

If go on my server repo, "C:\Atlassian\ApplicationData\Bitbucket\shared\data\repositories\32", change the config file to add these lines :

    version = 0.9.7

    cipher = aes-256-cbc


[filter "crypt"]

    clean = \"$(git rev-parse --show-toplevel)\"/crypt/clean %f

    smudge = \"$(git rev-parse --show-toplevel)\"/crypt/smudge

[diff "crypt"]

    textconv = \"$(git rev-parse --show-toplevel)\"/crypt/textconv


    ls-crypt = "!git ls-files | git check-attr --stdin filter | awk 'BEGIN { FS = \":\" }; /crypt$/{ print $1 }'"

After that, I create a "crypt" folder that will host the clean/smudge script/hook (like it is on my local git repo).

But I didn't see where putting my ".gitattributes" that will tell to git which files are crypted or not. Here the .gitattributes file I want to add:
"#pattern filter=crypt diff=crypt
SDK/** filter=crypt diff=crypt
Protected/** filter=crypt diff=crypt"

I try to create a folder "attributes" in "info" folder and put the .gitattributes, but it doesn't work.

Someone can help me about that ?

2 answers

0 votes
Adam Ahmed Atlassian Team Apr 19, 2016

I could be wrong, but I don't think it's possible to implement what you want in that way.

Bitbucket Server uses bare repositories - that is, versions of the repository that don't have a working directory checked out.

In contrast, clean and smudge happen on checkout and on commit back to the repo from the working directory. These wouldn't run in a bare repo (if my understanding is correct). The diff handler _might_ run, but we use lots of customized low level commands anyway - relying on us to use a particular command for diffing is probably not a good idea.

I would instead encourage you to write your own diff and source viewers for transcrypted files. You could check the file's contents and handle it if you believe it is transcrypted, or use gitattributes to make that determination.  I will note that it it would require programming knowledge and a bit of time to get right. If you have purchased Bitbucket Server you'll have access to the code - you can use the LFS plugin as an example of how to implement your own viewer.

You can also create a feature request for transcrypted support at, but I suspect we won't prioritize it until transcrypt is more widely used.

And maybe you can prove me wrong and find a way to make it work anyway! Best of luck!



    Hello Adam,

thank you for these explanations. It seems more clear for me now, even If I don't see a quick solution right now ...


I was thinking that Bitbucket server web interface was doing a checkout in a temp local directory. But if it used only a bare repository, I better understand that it won't be possible to used the clean/smudge hook.


Using the LFS Bitbucket addons seems a solution to reach my goal, but seems also not easy while I don't know the technology used by Bitbucket web server and that I'm not a git expert too.


For the moment, I'm evaluating/testing Bitbucket server, so I don't have the sources yet. I hope to buy it soon, but originally I was hoping to have a solution for crypted files before that.


best regards,


Suggest an answer

Log in or Sign up to answer
Community showcase
Published Thursday in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder :  #!/bin/bash source "$(dirname "$0")/" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

228 views 0 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you