Tags: git, git-crypt

How to change git-crypt key


I forked a repo using git-crypt and I need to update the git-crypt key so that the upstream git-crypt key can't decrypt the new repo.

The git-crypt help documentation and README don't appear to explain how to change a git-crypt key.

I tried various ways of wiping the git-crypt config and re-initializing. Unfortunately, all attempts at doing so seem to break various things, like git diff showing errors such as "smudge filter git-crypt failed". Some of this behavior is documented in the issue "Running git-crypt init on an already initialized repository renders the data unreadable" (https://github.com/AGWA/git-crypt/issues/47). None of the suggestions in the comments on that issue prevent the git diff fatal errors. (I am fine with git diff showing useless output from unencrypted binary file history, but it is not OK for git diff across some commits to give fatal errors preventing diffing even non-encrypted files.)

This seems like a major requirement of git-crypt, so I can't believe this isn't supported, e.g. if you need to rotate a git-crypt key because someone leaves a company.


Solution

As stated clearly at https://github.com/AGWA/git-crypt/issues/61, git-crypt doesn't support rotating git-crypt keys.

I ended up rewriting git history to remove all prior history of the old git-crypt key (I completely removed the encrypted files from git history), then created a new key and checked in the encrypted files. This was time consuming and painful.

This limitation is documented at https://github.com/AGWA/git-crypt/#limitations. You might want to consider not using git-crypt if you need to rotate keys.
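The rewrite-then-re-key procedure the answer describes, as an added example that is not code from the question, the answer, or the git-crypt project. It assumes a fresh, unlocked clone with no other remote, encrypted paths marked filter=git-crypt in .gitattributes, and paths without whitespace; git filter-branch is used because it ships with git (git filter-repo would do the same rewrite).

```shell
# Added example, not code from the question, the answer, or the git-crypt project:
# rotate a git-crypt key the way the answer describes, by purging every encrypted
# file (and the .git-crypt/ directory holding GPG-wrapped copies of the old key)
# from all history, generating a fresh key, and re-committing the secrets so the
# clean filter encrypts them with the new key. Assumed: run from the root of a
# fresh, unlocked clone with no other remote; encrypted paths have no whitespace.
set -eu
# Print the tracked paths that .gitattributes marks with filter=git-crypt.
encrypted_paths() {
    git ls-files | git check-attr --stdin filter |
        awk -F': ' '$3 == "git-crypt" { print $1 }'
}
# rotate_git_crypt_key NEW_KEY_FILE: afterwards the old symmetric key decrypts
# nothing in this repo; the new key is exported to NEW_KEY_FILE (keep it outside
# the work tree and hand it, or a GPG user via add-gpg-user, to collaborators).
rotate_git_crypt_key() {
    new_key_file=$1
    paths=$(encrypted_paths | tr '\n' ' ')   # one line, safe for the eval below
    [ -n "$paths" ] || { echo "no git-crypt encrypted paths found" >&2; return 1; }

    # 1. Keep plaintext copies: the history rewrite drops these files from the work tree.
    backup=$(mktemp -d)
    for p in $paths; do mkdir -p "$backup/$(dirname "$p")"; cp "$p" "$backup/$p"; done

    # 2. Drop the encrypted blobs and .git-crypt/ from every commit on every ref.
    #    .gitattributes stays, so the filter rules still apply to the new commit.
    FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch -f --prune-empty \
        --index-filter "git rm -r -q --cached --ignore-unmatch .git-crypt $paths" \
        -- --all

    # 3. Make the old blobs unreachable locally. Existing clones still hold them,
    #    so the old key must be treated as compromised regardless.
    rm -rf .git/refs/original
    git reflog expire --expire=now --all
    git gc --prune=now --quiet

    # 4. Forget the old key so 'git crypt init' generates a new one instead of refusing.
    rm -rf .git/git-crypt
    git crypt init
    git crypt export-key "$new_key_file"

    # 5. Restore the plaintext and commit; the clean filter now uses the new key.
    for p in $paths; do cp "$backup/$p" "$p"; done
    rm -rf "$backup"
    git add -- $paths
    git commit -q -m "Re-encrypt secrets with rotated git-crypt key"
}
# Usage: sh rotate-git-crypt.sh /secure/path/new-git-crypt.key
if [ -n "${1:-}" ]; then rotate_git_crypt_key "$1"; fi
```

Afterwards every collaborator must re-clone (or hard-reset to the rewritten refs) and unlock with the new key; anyone who keeps an old clone still holds the old ciphertext, which is why rotation only limits future exposure.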