git-crypt icon indicating copy to clipboard operation
git-crypt copied to clipboard
verified publisher icon AGWA

Changing the encryption key on a file??

Open MaxFlanders opened this issue 7 years ago • 1 comments

Can I change the encryption key on a file?? Imagining that I start my repository with only a single key, and then I add another key. If change the filter and diff values on an already-encrypted file, will git-crypt de-crypt and re-crypt that file with the new key?

This tool is one of the most fantastic products I've seen in a long time. Simple, easy-to-set-up, and very effective. Thank you!

MaxFlanders avatar Oct 19 '18 21:10 MaxFlanders

I found myself with this situation:

One of our collaborators left the organization. I rolled the keys in 4 steps:

  • Generate a new key git crypt init -k foo, add the new collaborators to that key. Commit.
  • Copy the unlocked directory to a new location, update the .gitattributes in the new location to use key foo. Remove all the files (except the .gitattributes). Commit.
  • Remove the .gitattributes in the old location, move the files from the new location to the old one. Commit.
  • Remove the old keys, Commit.

poc: https://gitlab.com/agepoly/it/infra/ansible/-/merge_requests/155

roosemberth avatar Jun 26 '20 07:06 roosemberth