On Thu, Nov 19, 2020 at 02:11:16AM +0000, brian m. carlson wrote:
> On 2020-11-18 at 07:04:30, Patrick Steinhardt wrote:
> > On Wed, Nov 18, 2020 at 02:25:32AM +0000, brian m. carlson wrote:
> > > Sure, that could be an option.  It's the simplest, and we already know
> > > how to handle config this way.  People will be able to figure out how to
> > > use it pretty easily.
> > 
> > At first, this idea sounds quite interesting. But only until one
> > realizes that it's got the exact same problem which I'm trying to solve:
> > there's still a point in time where one can observe config values via
> > the command line, even though that moment now is a lot shorter compared
> > to running the "real" git command with those keys.
> 
> I don't think that's the case.  This command:
> 
>   git --env-config a.b.c=ENV_VAR
> 
> would be equivalent to this shell command:
> 
>   git -c "a.b.c=$ENV_VAR"
> 
> In other words, ENV_VAR is the _name_ of a environment variable to read
> for the config value.  Subprocesses would inherit it using the
> undocumented GIT_CONFIG_PARAMETERS.
> 
> Or are you trying to hide the configuration key as well?

No. I just didn't realize that it's supposed to be the name of an
envvar.

Patrick