Importing the key
Anyone who already has the authority to decrypt the repo with git-crypt can add another key to it. To do so, you need only the public key of the collaborator you wish to add.
Adding the key to your gpg keyring
gpg --import davidpalmer_pubkey.gpg
This will add the key to your keyring, but does not trust the key, so you can’t use it quite yet. First, we need to edit the trust level of the key. You can do this with the command gpg --edit-key 95A7A51C (naturally, you’ll want to use the appropriate key id).
This command will lead you to another gpg prompt. Best practice at this point is to contact the person whose key you are importing, either by phone or in person, and verify that the key fingerprints match. You can print the key fingerprint at the gpg prompt with the fpr command.
If you are satisfied that the public key is the one you want to trust, then you can type sign into the prompt. You can exit the gpg command prompt with save which saves the changes you made and exits the prompt. If for any reason you wish to quit without saving, you can do so with quit.
Adding the key to the git-crypt protected repo
Now that you have added the collaborator’s public key to your keyring, all that’s left to do is add that key to the git-crypt credentials in your repo. You can do that with the command git-crypt add-gpg-user 95A7A51C. This not only adds the collaborator’s key as a verified decrypter but also creates a git commit. At this point, you can git push the repo and the new encryption will be pushed out.
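The import, fingerprint check, sign and add-gpg-user steps above, as an added example that is not part of the original page: it reads the fingerprint from the key file before importing, compares it with the one the collaborator read out to you, and refers to the key by its full fingerprint rather than the 8-character id. The function names and the sample key listing are constructed for illustration; gpg --show-keys and --quick-sign-key assume GnuPG 2.2 or later.

```shell
#!/bin/sh
# Added example (not from the original page). Source this file inside the
# unlocked repo, then run: add_collaborator KEYFILE "FINGERPRINT FROM PHONE CALL"

# Normalize a fingerprint: drop whitespace, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first fpr record after the pub record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if EXPECTED is a full 40-hex-digit fingerprint equal to ACTUAL.
# A short key id such as 95A7A51C is rejected: it is only the fingerprint's tail.
fpr_matches() {
    want=$(norm_fpr "$1"); have=$(norm_fpr "$2")
    case "$want" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#want}" -eq 40 ] && [ "$want" = "$have" ]
}

# Hypothetical wrapper: nothing is imported, signed or added on a mismatch.
add_collaborator() {
    keyfile=$1 expected=$2
    actual=$(gpg --show-keys --with-colons "$keyfile" | primary_fpr) || return 1
    if ! fpr_matches "$expected" "$actual"; then
        echo "fingerprint mismatch: key file contains '$actual'" >&2
        return 1
    fi
    gpg --import "$keyfile" &&
    gpg --quick-sign-key "$actual" &&
    git-crypt add-gpg-user "$actual"
}

# Constructed sample of `gpg --show-keys --with-colons` output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:89ABCDEF95A7A51C:1500000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF95A7A51C:
uid:-::::1500000000::::Example Collaborator <collab@example.org>::::::::::0:
sub:-:4096:1:AABBCCDDEEFF0011:1500000000::::::e::::::23:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:'
```
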
Unlocking the repo
As a collaborator, once your key has been added you have only one step left. In the encrypted repo, type git-crypt unlock to unlock the encrypted files. From then on, you can use git as you normally would and all files managed by git-crypt will be encrypted before being pushed.