According to the man page:
git-crypt supports multiple keys per repository, allowing you to share different files with different sets of collaborators.
This is what I'm trying to accomplish. I only want certain collaborators to get access to certain parts of my code.
I want to be able to control who can access which file. Everyone using a common key isn't good for me because I want someone to be able to access file #1 but not file #2, and I want someone else to be able to access file #2 but not file #1.
I found the answer here:
A few notes:
Use the -k option, not the --key-name option. I know the man page says they're the same, but they're not. Sometimes (I couldn't figure out why) the --key-name option is ignored, and you'll end up using the default key without any error messages.
Also, I found that setting up access by adding GPG users is easier than sharing the symmetric key. This is because git-crypt will use the default key whenever you enter a command it doesn't quite understand, and you have no way of knowing which key you just encrypted the data with unless you push the changes, transfer the key to another computer, and test to see which key works.
But if you add collaborators' public keys via GPG, you can easily see who has been added to which key using this command:
This will print out a list of collaborators who have been added to KEYNAME. If only git-crypt would display success/failure messages, I would have solved this problem a lot sooner. But once I figured out how to view which user was being added to which key, I finally began understanding how git-crypt works, and was able to set everything up the right way.
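One way to audit key assignments straight from the repository contents, as an added example that is not part of the original post or of git-crypt itself: it maps each top-level .gitattributes rule to its key name and lists the GPG fingerprints holding that key. It relies on git-crypt storing GPG-wrapped keys under .git-crypt/keys/<key name>/<version>/<fingerprint>.gpg; the key names and fingerprints in the sample are constructed.

```shell
#!/bin/sh
# Added example: read-only audit of git-crypt key assignments (top-level .gitattributes only).
# Relies on git-crypt's layout .git-crypt/keys/<key name>/<version>/<fingerprint>.gpg
TAB=$(printf '\t')

# Print "KEYNAME<TAB>FINGERPRINT" for every GPG-wrapped copy of a key.
list_key_recipients() {
    for f in "$1"/.git-crypt/keys/*/*/*.gpg; do
        [ -e "$f" ] || continue
        rel=${f#"$1"/.git-crypt/keys/}
        printf '%s\t%s\n' "${rel%%/*}" "$(basename "$f" .gpg)"
    done | sort -u
}

# Print "PATTERN<TAB>KEYNAME" for every rule that uses a git-crypt filter.
# filter=git-crypt selects the default key, filter=git-crypt-NAME selects NAME.
list_pattern_keys() {
    [ -f "$1/.gitattributes" ] || return 0
    while read -r pattern attrs || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        for a in $attrs; do
            case $a in
                filter=git-crypt)   printf '%s\tdefault\n' "$pattern" ;;
                filter=git-crypt-*) printf '%s\t%s\n' "$pattern" "${a#filter=git-crypt-}" ;;
            esac
        done
    done < "$1/.gitattributes"
}

# Print "PATTERN<TAB>KEYNAME<TAB>FPR[,FPR...]"; NO-RECIPIENTS marks a key that
# protects files but has no GPG-wrapped copy in the repo (user added to another key?).
audit() {
    list_pattern_keys "$1" | while IFS=$TAB read -r pat key; do
        fprs=$(list_key_recipients "$1" | awk -F'\t' -v k="$key" '$1 == k { print $2 }' | paste -sd, -)
        printf '%s\t%s\t%s\n' "$pat" "$key" "${fprs:-NO-RECIPIENTS}"
    done
}

# Constructed sample (hypothetical key names and fingerprints): the second user
# was meant for key "billing" but silently landed in "default".
make_sample_repo() {
    d=$(mktemp -d)
    mkdir -p "$d/.git-crypt/keys/frontend/0" "$d/.git-crypt/keys/default/0"
    : > "$d/.git-crypt/keys/frontend/0/AAAA1111.gpg"
    : > "$d/.git-crypt/keys/default/0/BBBB2222.gpg"
    printf '%s\n' 'file1 filter=git-crypt-frontend diff=git-crypt-frontend' \
        'file2 filter=git-crypt-billing diff=git-crypt-billing' > "$d/.gitattributes"
    echo "$d"
}
```

Run `audit /path/to/repo` after each change to collaborators; a fingerprint that shows up under `default` instead of the intended key name is the silent fallback described above.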