Rotating git-crypt Key

Vinayak Pandey
Jun 1, 2024

Initial setup: Let’s create a directory with some files and then use git-crypt to encrypt them.

mkdir git_crypt_ssm 
cd git_crypt_ssm
vi secure1.txt # Add some text content
vi secure2.txt # Add some text content
git init
git-crypt init
git-crypt export-key ../git-crypt-key
echo "secure1.txt filter=git-crypt diff=git-crypt" > .gitattributes
echo "secure2.txt filter=git-crypt diff=git-crypt" >> .gitattributes
git add .gitattributes
git commit -m "Tell git-crypt to encrypt files"
git add secure1.txt secure2.txt
git commit -m "Add files"
cat secure1.txt # Content will be unencrypted
cat secure2.txt # Content will be unencrypted
git-crypt lock
cat secure1.txt # Content will be encrypted
cat secure2.txt # Content will be encrypted
git-crypt unlock ../git-crypt-key
cat secure1.txt # Content will be unencrypted
cat secure2.txt # Content will be unencrypted

Rotating Key: Now let’s see how to change the git-crypt key and use two different keys to encrypt secure1.txt and secure2.txt:

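rm -f .gitattributes # Drop the old encryption rules
rm -rf .git/git-crypt # Discard the old key stored inside the repository
rm -f secure1.txt secure2.txt # Remove the files so they are re-added under the new keys
git-crypt init # Generate a new default key
git-crypt export-key ../git-crypt-key-new
echo "secure1.txt filter=git-crypt diff=git-crypt" > .gitattributes
git-crypt init -k key2 # Generate a second key named key2
git-crypt export-key -k key2 ../git-crypt-key-new2
echo "secure2.txt filter=git-crypt-key2 diff=git-crypt-key2" >> .gitattributes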
vi secure1.txt # Add some text content
vi secure2.txt # Add some text content
git add .
git commit -m "Change Keys"
git-crypt lock
git-crypt lock -k key2
cat secure1.txt # Content will be encrypted
cat secure2.txt # Content will be encrypted
git-crypt unlock ../git-crypt-key-new
cat secure1.txt # Content will be unencrypted
cat secure2.txt # Content will be encrypted
git-crypt unlock ../git-crypt-key-new2
cat secure1.txt # Content will be unencrypted
cat secure2.txt # Content will be unencrypted
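
To confirm that the re-keyed files are actually stored as ciphertext in a commit, the following check can be run inside the repository. It is an added example, not part of the original post; it assumes git-crypt ciphertext starts with the 10-byte header `\0GITCRYPT\0`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: git-crypt ciphertext starts with the 10-byte header "\0GITCRYPT\0".
GITCRYPT_MAGIC=00474954435259505400   # hex encoding of that header

# Reads a blob on stdin; succeeds only if it begins with the git-crypt header.
is_gitcrypt_blob() {
    header=$(head -c 10 | od -An -tx1 | tr -d ' \n')
    [ "$header" = "$GITCRYPT_MAGIC" ]
}

# audit_gitcrypt [REV]   (REV defaults to HEAD)
# For every path in REV whose filter attribute is git-crypt or git-crypt-<key>,
# report whether the committed blob is ciphertext. Returns 1 if any protected
# path is stored in the clear, for example because it was committed from a
# clone where git-crypt had not been set up.
# Limitation: attributes are read from the current working tree's
# .gitattributes, not from REV itself.
audit_gitcrypt() {
    rev=${1:-HEAD}
    git ls-tree -r --name-only "$rev" | {
        leaks=0
        while IFS= read -r path; do
            attr=$(git check-attr filter -- "$path")
            case "${attr##*: filter: }" in
                git-crypt*) ;;        # default key or a named key such as key2
                *) continue ;;        # path is not protected by git-crypt
            esac
            if git cat-file blob "$rev:$path" | is_gitcrypt_blob; then
                echo "ENCRYPTED  $path"
            else
                echo "PLAINTEXT  $path"
                leaks=1
            fi
        done
        [ "$leaks" -eq 0 ]
    }
}

# Usage, after sourcing this file inside the repository:
#   audit_gitcrypt HEAD
```

Commits made before the rotation still hold blobs encrypted under the old key, so anyone who kept `../git-crypt-key` can decrypt that history; the values in those files need to be changed as well. `git-crypt status` gives a comparable report for the working tree.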

Written by Vinayak Pandey

Experienced Cloud Engineer with a knack for automation. LinkedIn profile: https://www.linkedin.com/in/vinayakpandeyit/