git-secret is a bash tool which stores private data inside a git repo. git-secret encrypts files with permitted users’ public keys, allowing users you trust to access encrypted data using pgp and their secret keys.
With git-secret, changes to access rights are simplified, and private-public key issues are handled for you.
When someone’s permission is revoked, secrets do not need to be changed with git-secret – just remove their key from the keychain using git secret killperson firstname.lastname@example.org, re-encrypt the files, and they won’t be able to decrypt secrets any more. If you think the user might have copied the secrets or keys when they had access, then you should also change the secrets.
In order to encrypt (git-secret hide -m) files only when modified, the path mappings file tracks sha256sum checksums of the files added (git-secret add) to git-secret’s path mappings filesystem database.