Remove users from git-crypt enabled repository

Git crypt is a neat git extension to encrypt some files - if not all - in a git repository. Integrates nicely with git using filters and it's use is completely transparent once you have unlocked a repository.

Using git-crypt you can still share a repository in public and maintain a set of files with secrets that are accessible to a limited number of users. Especially useful for open source projects.

At some point maybe you'll need to remove one of the users who have access to the encrypted files. Git-crypt does not provide a command to remove users (yet) because it's complicated to be done right while preserving history.

Until this issue is fixed, I put together a script to automate the procedure. The script will de-initialize git-crypt from the repository, completely remove the git-crypt keys and users. Then it will re-encrypt the repository and re-add all the keys (users) expect the one requested to be removed.

This is obviously a work-around and a proper solution with multiple git-crypt key versions is preferred but still it gets the work done. The solution was inspired by comments in the corresponding issue.

Grab with the script and documentation from GitHub.

Go Top