I'm trying to understand the git-secret workflow.
This was the scenario:
- Teammate added my gpg key via git-secret tell and re-encrypted the secret files + pushed them.
- I can reveal these files, reencrypt them via git-secret hide and see that after reencryption (hide) other teammates should be able to access these files because they are listed in git-secret whoknows -> works nicely!
I noticed that just after executing git-secret reveal the pubring.kbx changed. I don't understand why this would be the case. Am I not just decrypting files?
Why would revealing information cause changes to the keyring? Do I need to commit these changes?
We figured different git-secret versions might be the cause of this. When inspecting the kbx file with kbxutil (https://www.gnupg.org/documentation/manuals/gnupg/kbxutil.html) we could see there were only changes to the header - an empty blob was removed. The keys inside were unchanged.
So committing should be okay and not cause any conflict, but different git-secret versions by other teammates may cause the keyring to be changed again.
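
One way to confirm that a changed pubring.kbx still holds the same keys before committing it, as an added example that is not part of the original post or of git-secret: compare the fingerprints listed from the old and new copies of the keyring. The function names are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: compare two versions of a keyring by key fingerprint.

# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
sample_colons() {
cat <<'EOF'
pub:-:4096:1:1111111111111111:1600000000:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1600000000::::Teammate (constructed) <teammate@example.invalid>:
sub:-:4096:1:2222222222222222:1600000000::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
EOF
}

# "fpr" records carry the fingerprint in field 10 of the colon format.
fprs_from_colons() {
    awk -F: '$1 == "fpr" { print $10 }' | sort -u
}

# Fingerprints stored in a keyring file (GnuPG 2.1+ prints fpr records in
# colon mode). Pass a path containing a slash; a bare file name is looked
# up in the gpg home directory instead.
keyring_fprs() {
    gpg --batch --no-default-keyring --keyring "$1" \
        --with-colons --list-keys 2>/dev/null | fprs_from_colons
}

# Compare two sorted fingerprint lists; return 0 only if they are identical.
diff_fprs() {
    removed=$(comm -23 "$1" "$2")
    added=$(comm -13 "$1" "$2")
    if [ -z "$removed$added" ]; then
        echo "same key set"
        return 0
    fi
    for f in $removed; do echo "removed: $f"; done
    for f in $added; do echo "added: $f"; done
    return 1
}

# Usage: compare_keyrings ./old-pubring.kbx ./new-pubring.kbx
compare_keyrings() {
    tmp=$(mktemp -d) || return 2
    keyring_fprs "$1" > "$tmp/old"
    keyring_fprs "$2" > "$tmp/new"
    rc=0
    diff_fprs "$tmp/old" "$tmp/new" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

The old copy can be extracted from the last commit with git show before running compare_keyrings; a non-zero result means a key was added or removed, which is a change worth reviewing rather than a header rewrite.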